You Might Want to Change Your Instagram Password – Millions of Usernames and Passwords Stored in Plaintext in Bug

By Kehl Bayern / March 21, 2019

Last Updated on by

Facebook was apparently keeping millions upon millions of usernames and passwords stored in a plaintext accessible to employees according to every news outlet under the sun today.

You might want to change your password as a little bit of a precaution.

Image via from

Oh and it doesn’t just impact Facebook, but Instagram as well (and Facebook Lite, for that matter).

Further, reports indicate that the issue went all the way back to the year 2012. Facebook’s vice president of engineering and security, Pedro Canahuati, wrote in a blog post: “As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems…Our login systems are designed to mask passwords using techniques that make them unreadable. To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.”

A review of security after a lapse revealed the plaintext username and password issue. As soon as it was discovered, the company began to put necessary changes into place.

The Center for Technology and Global Affairs at Oxford University’s Lukasz Olejnik thinks this is a pretty big deal from a web security standpoint, commenting, “It’s good that they’re being proactive…But this is a big deal. It seems like they found the issue during an audit so maybe their past mistakes plus new privacy regulations are making these checks more standard.”

Security engineer and director of the Open Crypto Audit Project, Kenn White, explained the entire thing from a systems point of a view, saying “But if Facebook retains that for years it raises a lot of questions about their architecture. They have an obligation to protect these debug logs and audit and understand what they’re retaining. In some ways that’s the most sensitive data they hold, because it’s raw and unmanaged.”


About the author

Kehl Bayern

Kehl Bayern is our staff news writer and has over a decade of experience in online media and publishing. In terms of photography, he is interested in architecture and modern design. Kehl Bayern is also the author of science fiction thriller Animus Proxy. He is based in Boston, Massachusetts and studied politics at the University of Virginia and, later, Harvard University for graduate school. He spends much of his time traveling up and down the east coast of the United States. You can follow him on Instagram, Twitter and Facebook.

Leave a comment: