Facebook does not really seem to understand privacy or security

The protection of the privacy of the reputation already denigrated by Facebook has just taken two other critical results.

On Thursday, the social network said it found that millions of Instagram passwords had been stored in plain text, an insecure format that would allow the technology giant's employees to read them whenever they wanted. The new figure is an order of magnitude higher than the initial estimate of tens of thousands of unsecured passwords revealed in March.

The news, which had been overshadowed by the publication of the Mueller report, had not been obscured, as a result of an article claiming that Facebook, the parent company of Instagram, had operated "unintentionally" Email contacts of about 1.5 million users in the last three years. The activity was discovered when a security researcher noticed that Facebook was asking users to enter their passwords to verify their identity when creating accounts, according to Business Insider, who had previously reported on the practice. Those who entered their passwords saw a pop-up message saying that Facebook "imported" their contacts, even though the service did not ask for permission, according to BI.

These incidents are just the latest in a series of bad news for the social media giant, who struggles to fight the perception that he can not attack the concept of protecting your information . Facebook has taken a step forward to look more closely at privacy and messaging, but continues to be plagued by foolishness one after the other.

Facebook has acknowledged both failures.

"We will inform these users as we have done the others," said Pedro Canahuati, vice president of engineering, security and privacy at Facebook, about unsecured IG passwords, in updating a blog post dating back a month. "Our investigation determined that these stored passwords had not been misused or used internally."

Generally, Facebook hatches and encrypts passwords so that even its own employees can not see them. This helps to ensure that users' passwords are protected. The company discovered that hundreds of millions of passwords were stored in plain text after a security review in January.

In addition, a Facebook spokesperson confirmed that 1.5 million contacts had been collected without user authorization since May 2016.

"Last month, we stopped offering e-mail password verification as an option for people checking their account when they first sign up for Facebook," said a Facebook spokesman. "When we looked at the steps people took to check their accounts, we found that in some cases, people's email contacts were also unintentionally uploaded to Facebook when they created their accounts.

"We corrected the underlying problem and notified the people whose contacts were imported," said Facebook, adding that the contacts were not shared with anyone and that they were deleted. He also pointed out that users can view and manage the contacts that they share with Facebook in their settings.

Facebook also notifies hundreds of millions of Facebook Lite users and tens of millions of other Facebook users whose passwords have been exposed internally.

As the largest social network in the world, Facebook controls the data of over 2 billion people and people who have access to it. The company's data handling practices have been called into question following the Cambridge Analytica scandal, in which personal information about nearly 87 million Facebook users was misused.