Last month, Facebook reported it suffered a password-related security incident regarding Instagram. At the time, it said tens of thousands of people were affected. Now it says millions of Instagram users are affected (via Instagram).
In its blog post, Facebook admitted that it stored Instagram passwords in plain text. It claims the passwords weren’t accessible to outsiders or employees.
Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.
Double-check known data breaches by visiting HaveIBeenPwned.com. Change your password, ideally with a password manager like 1Password, LastPass, Dashlane, or even iCloud Keychain. An additional security measure is stating up two-factor authentication on your Instagram account.
Finally, because this isn’t the latest Facebook snafu, nor will it be the last, it is my opinion that you should just delete your Facebook and/or Instagram account.