Millions of Instagram users were affected due to passwords stored in plain text on Facebook servers, Facebook admitted its blog post. Given the popularity of Instagram around the world, Facebook security blunder was enough to compromise the security of millions of Instagram accounts.
Last month, Facebook said that the company had inadvertently stored passwords in plain text, making it possible for its thousands of employees to search them. Facebook said the passwords were stored on internal company servers where they were out of reach of outsiders.
Facebook said in its blog post that it estimates that “millions” of Instagram users were affected by the lapse. Earlier, the social networking giant had reported that “tens of thousands” Instagram users were affected.
“Since this (blog) post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users,” Facebook said.
“We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed,” Facebook added.
Apart from Instagram, “hundreds of millions” of Facebook Lite users and millions of Facebook users were affected by the lapse. Facebook Lite is designed for people with older phones or slow internet connections.
Of late, hackers are targetting Instagram users with different phishing schemes and attacks. Over the last few weeks, multiple phishing were reported. Hackers were recently caught stealing Instagram passwords using a new ‘Nasty List’ phishing attack.
Be wary of URLs
Be careful about the links you open on your web browser. If you find anything suspicious, don't click. The backbone of these phishing scams is a little bit of trickery to make users fall for such fraudulent schemes and malicious pages impersonating the real ones. Always use the official Instagram app on your phone.
Enable two-factor authentication. All you need to do is go to Settings > Privacy and security > Security > Two-factor authentication. Enable it by choosing either text message (OTP) or authentication app method.
(With agency inputs)