Sunday, June 15, 2025
HomeComputer SecurityFacebook Stored Millions of Instagram Users Password in Plain Text

Facebook Stored Millions of Instagram Users Password in Plain Text

Published on

SIEM as a Service

Follow Us on Google News

Facebook revealed last month that they stored tens of millions of Facebook password in plain text including thousand of the Instagram password instead of masking it as a human-readable format.

Now its worse than earlier report, and the number has been revised in the Facebook new update that states they discovered additional logs that contain million of Instagram passwords stored in plain text.

Facebook continuously facing the security failure incidents since last year and this case poorly developed an application that manages passwords let Facebook stored these passwords in a human-readable format.

- Advertisement - Google News

According to Krebs investigation during the previous Facebook report, there are nearly 200 million to 600 million users password may have been stored in human-readable plain text format.

Also, access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

New Facebook update states that “Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.).”

During this incident, none of the Instagram users data improperly accessed anyhow Instagram and Facebook users recommended changing their password.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...