 

Posts Tagged ‘plaintext’

Facebook now says ‘millions of Instagram users’ had their passwords stored in plaintext

19 Apr

Last month, Facebook shared a blog post detailing how passwords of Instagram, Facebook and Facebook Lite users were stored in plaintext on its servers. At the time, Facebook said only ‘tens of thousands of Instagram users’ were affected. Now, Facebook has updated the post to say ‘millions of Instagram users’ had their passwords stored in plaintext on its servers.

Facebook claims ‘these stored passwords were not internally abused or improperly accessed’ and says it will notify the users with exposed passwords. Krebs on Security reports more than 20,000 Facebook employees had access to the plaintext passwords, some of which date as far back as 2012.

Regardless of whether or not you’ve been notified by Facebook of a breach, it would be a good idea to change your Facebook and Instagram passwords as well as the passwords on any other login that shares those passwords.

Articles: Digital Photography Review (dpreview.com)

 

 

Report: Instagram bug revealed some users’ passwords as plaintext in URLs

23 Mar

Less than a day ago, it was revealed more than 20,000 Facebook employees had access to over 600 million user passwords that were stored in plaintext on Facebook’s servers. Now, it’s being reported that Instagram too has suffered from a bug that inadvertently exposed users’ passwords in plaintext.

According to an exclusive report from The Information, Facebook informed affected Instagram users about a security flaw that caused passwords to be shown in plaintext when users opted to use Instagram’s ‘Download Your Data’ tool, a tool that ironically enough was created to help users see just how much information Instagram (read: Facebook) has collected on them.

A screenshot of the text shown after users request a download of all the data Instagram has collected from them.

In an email sent out by Instagram to affected users on Thursday, passwords were exposed in the URL that was sent when a data download request was made. This means if the download link was viewed on a shared or public device, it would be possible for anyone to see the affected user’s password. In a statement to The Information, an Instagram spokesperson said the issue was ‘discovered internally and affected a very small number of people.’

Regardless of how many Instagram users were or weren’t affected by this bug, such an issue shouldn’t be possible if Instagram were properly keeping passwords hidden with the proper encryption technology, as passwords should never be visible in plaintext anywhere. In a statement to The Information, Chet Wisniewski, principal research scientist at security firm Sophos, said:

‘This is very concerning about other security practices inside of Instagram because that literally should not be possible. If that’s happening, then there are likely much bigger problems than that.’

The ‘Download Your Data’ tool has since been updated to fix the issue, but it might be a good idea to change your Instagram passwords regardless as a precaution.

Articles: Digital Photography Review (dpreview.com)

 