Facebook revealed the new information in an updated blog post Thursday morning.
“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” Facebook said in its post. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”
Facebook had initially reported March 21 that it believed “tens of thousands” of Instagram passwords had been affected.
In its March 21 blog post, Facebook said it found the user password issue as part of a routine security review in January, but stressed that the passwords were never visible to anyone outside of Facebook and that they had found no evidence that anyone internally abused or improperly accessed the passwords. “We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way,” Facebook said.
Facebook did not give a specific number of those affected in its updated blog post.
The social media giant is under investigation by numerous government agencies, including the Federal Trade Commission and the Department of Justice, for its data collection and privacy practices.