Facebook’s security blunder was worse than we thought

The Instagram app on Pixel 2.

Remember when Facebook announced its password snafu back in March? It turns out that the security blunder was much more significant that initially announced, since the issue also encompassed millions of Instagram passwords.

According to an updated security blog post originally published March 21, Facebook discovered additional logs of Instagram passwords stored in readable text. Facebook said the issue affected “millions” of Instagram users.

The good news is that Facebook’s investigation found no abuse or improper access of the affected Instagram passwords. The investigation also found that the passwords were not accessible outside of Facebook and Instagram employees. That said, Instagram will reach out to affected users and instruct them on how to change their passwords.

This is Facebook’s second password issue in less than a month. On March 21, a “routine security review” found that internal Facebook servers were storing millions of plain-text, unencrypted user passwords.

Editor’s Pick

As with today’s announcement, no one outside of Facebook employees supposedly saw the passwords. Facebook estimated that it would notify hundreds of millions of Facebook Lite users and tens of millions of other Facebook users and encourage them to change their passwords.

At the time, Facebook said it would look at different ways to store information related to its users, including things like access tokens. We don’t know if Facebook is still looking for different ways to store user information or whether it already found a different way.

This is a good time to remind folks to use password managers. And if you’ve had enough of Facebook’s shenanigans, we also have instructions on how to delete your Instagram and Facebook accounts.

NEXT: How to delete your Instagram account

Mozilla’s free Firefox password manager is now available on Android

Mozilla announced today that Firefox Lockbox is now available on Android. The app was previously only available on iOS.

Firefox Lockbox is Mozilla’s free password manager that lets you view, copy, and paste every password you’ve saved in the Firefox web browser. You can also set Firefox Lockbox as the default autofill service on Android from your device settings and choose which browser you want to open your website URLs.

Each password is locked down with 256-bit encryption, with the app itself locked behind a fingerprint or PIN if you want that extra layer of security. There’s also an automatic timer that locks the app after a certain amount of time elapses.

Editor’s Pick

Overall, Firefox Lockbox is a very simple password manager. You can’t create new passwords from within the app, check to see if passwords were part of security breaches, or save anything other than passwords. This is not a traditional password manager, so those who use 1Password or LastPass should probably keep using it.

That said, Firefox Lockbox syncs across your devices and gives Mozilla a small leg up over Google Chrome — Google doesn’t offer a dedicated password manager for passwords saved in Chrome.

You can download Firefox Lockbox at the link below. The app is available for free and doesn’t feature in-app purchases.

Get protected with Password Boss — just $19.99

Password Boss PremiumPassword Boss Premium is on offer this week, and if you’ve ever had your phone lost or stolen you’ll know why it’s handy. Without a password manager, even when all the insurance is sorted out and you’ve got a new device, how do you remember all your passwords to get back into your accounts? 

Most of us have something like 30 to 50 log-in details to remember. We were always told not to write them down, and your accounts log in automatically. It’s not realistic to remember them, and some of them may need to be changed regularly. It’s a nightmare.

4 out of 5 Stars – PC Mag

Don’t wait until you’re in that situation to test your memory. The solution is a password manager, and Password Boss Premium is a solid choice. It stores your log-in details for all your accounts, all you have to do is remember one log-in for the app itself.

Password Boss comes with a host of other features to make your life easy. It’s protected with military-level encryption, it generates super-strong passwords, and it synchronizes across your devices. It even has a remote data-wipe feature in case your device is stolen.

Password Boss at a glance:

  • Use one master password to fill in unique usernames and passwords for different websites.
  • Store an unlimited number of passwords.
  • Auto-fill forms on websites with saved passwords.
  • Access your passwords anywhere with syncing across devices.
  • Share passwords with an unlimited number of people.
  • Prevent data theft by deleting data from lost devices and utilizing two-step verification.

There’s no time like the present to get peace of mind. To get Password Boss for life across three devices is only $19.99 — a huge 86 percent off the retail price. There are similar big deals on the five-device and unlimited-device packages.

The deals expire soon, and anyway, you don’t want to wait until you’re locked out of an account. Hit the button below to sign up.

The AAPicks team writes about things we think you’ll like, and we may see a share of revenue from any purchases made through affiliate links. To see all our hottest deals, head over to the AAPICKS HUB.