While just about every reporter was poring over the document, Facebook updated a blog post from March indicating that passwords had been exposed, stored as readable text (as opposed to securely encrypted), for hundreds of millions of Facebook users and thousands of Instagram users.
It added a new paragraph to the middle of the post today indicating that a lot more Instagram users were affected than it originally thought:.
(Update on April 18, 2019 at 7AM PT: Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format.
We now estimate that this issue impacted millions of Instagram users.
Our investigation has determined that these stored passwords were not internally abused or improperly accessed).
Facebook said it would notify the impacted users and that there’s no evidence that anyone within or outside Facebook had access to the passwords.
But still, those users, and perhaps anyone else, might want to change their password or enable two-factor authentication just to make sure. »