It was just four weeks ago when Facebook admitted that they discovered that millions of users’ passwords were being stored in plain text and in an unsecured program. At that time, they said that around tens of thousands of Instagram users were also included in the unencrypted document. Well they have now updated that blog post saying that the issue has actually “impacted millions of Instagram users” while emphasizing that the stored passwords “were not internally abused or improperly accessed.”
Facebook says that they will be emailing the affected Instagram users, same as what they did with the initial admission that hundreds of millions of Facebook users’ passwords were stored in plain text. Similar with the Facebook notification email, they will probably not force you to reset your Instagram password because they are “reserving those steps” only for those times when they have detected that there were signs that the passwords were abused.
Still, if you’re the one receiving a notification from Facebook saying that your Instagram password was one of the millions that were stored in a readable format, it can be quite alarming. And even if they are assuring you that they did not detect any improper access and use of these passwords, it will still make sense to change your password rather than just taking Facebook at its word.
There also seems to be a bit of downplaying of this incident as they did not make a new post informing the public of these new details. What they did was update the post from four weeks ago and inserting a few sentences in the second paragraph. If you’re not the type that would go back to a month-old post, you wouldn’t know about this probably.
Their investigation into the incident is probably still ongoing although they did say that the problem that caused the passwords to be stored in plain text has been fixed. But we’ll probably (hopefully) see more details uncovered while they’re looking into it. Hopefully the update won’t be just added into an old post next time.