People who believe Instagram is more careful with their personal information than its parent company might want to think again.
Facebook revealed last month that account passwords for hundreds of millions of users were stored on its internal servers in plain text, and today, it quietly updated its Newsroom post from March to report its discovery of millions of Instagram passwords suffering a similar fate.
The company would not specify how many Instagram users were impacted, only saying that the total was less than the hundreds of millions from Facebook Lite and the tens of millions from Facebook that were disclosed last month.
All impacted Instagram users will be notified, Facebook added.
According to the social media giant, since last month’s disclosure, it discovered additional Instagram passwords that were stored on its servers in a readable format. The company originally believed the total to be in the tens of thousands, as it stated in March, but it upped that estimate to the millions.
Facebook said in the update to its Newsroom post that its investigation determined that these passwords were not “internally abused or improperly accessed,” mirroring its findings from the original group of passwords from March.
Facebook vice president of engineering, security and privacy Pedro Canahuati said in the original post that the issue was discovered as part of a routine security review in January and has since been corrected.
When asked why today’s developments were quietly reported as an update to an old post, rather than in a new announcement, a Facebook spokesperson said, “This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way. There is no evidence of abuse or misuse of these passwords.”