SAN FRANCISCO: A day after admitting it "unintentionally" uploaded email contacts of nearly 1.5 million of new users,
Facebook has now revealed that millions of Instagram passwords were stored on its servers in a readable format.
The admission came in a quiet update to a previous blog post that arrived at the exact time US attorney general William Barr was addressing a press conference on the release of the Mueller report and all attention was drawn by those explosive findings.
Facebook also opted not to post a new blog post about the findings, instead disclosing the update by tweaking an old post, which was originally put up a month ago.
Last month, Facebook said it fixed a security issue wherein millions of its users' passwords were stored in plain text and "readable" format for years and were searchable by thousands of its employees . It said the passwords were stored on internal servers, where no outsiders could access them.
The company on Thursday revealed that millions of passwords belonging to the users of its photo-sharing service Instagram were also exposed.
"We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users," said the social media firm in the blog post update. "We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed."
Facebook had found that some user passwords were being stored in a readable format. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable. We have fixed these issues and as a precaution will be notifying everyone whose passwords we found stored this way," wrote Pedro Canahuati, vice-president, engineering, security and privacy at Facebook.
Worried over the mishandling of users' personal data on Facebook, the US federal regulators are now considering the possibility of holding its CEO Mark Zuckerberg accountable.
According to a report in the Washington Post on Thursday, "the discussions about how to hold Zuckerberg accountable for Facebook's data lapses have come in the context of wide-ranging talks between the Federal Trade Commission (FTC) and Facebook".
Sanctioning a tech CEO would be a rare move by the FTC and could be a signal to other tech honchos as governments the world over are in a huddle how to safeguard users' data. "Such a move could create new legal, political and public relations headaches for one of Silicon Valley's best known and image conscious corporate leaders," the report said.
The FTC is largely probing the Cambridge Analytica data scandal that exposed personal data of 87 million Facebook users. Since then, there have been several incidents where Facebook acknowledged series of privacy lapses.