Last month, Facebook shared a blog post detailing how passwords of Instagram, Facebook and Facebook Lite users were stored in plaintext on its servers. At the time, Facebook said only 'tens of thousands of Instagram users' were affected. Now, Facebook has updated the post to say 'millions of Instagram users' had their passwords stored in plaintext on its servers.

Facebook claims 'these stored passwords were not internally abused or improperly accessed' and says it will notify the users with exposed passwords. Krebs on Security reports more than 20,000 Facebook employees had access to the plaintext passwords, some of which date as far back as 2012.

Regardless of whether or not you've been notified by Facebook of a breach, it would be a good idea to change your Facebook and Instagram passwords as well as the passwords on any other login that shares those passwords.