"Millions" of Instagram users had their passwords stored in unencrypted form on internal servers, Facebook said Thursday, raising its original estimate of tens of thousands.
"We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed," the social network said.
Facebook, Instagram's parent company, revealed last month that the unencrypted passwords of hundreds of millions of users had been stored, putting the number of Instagram users affected in the tens of thousands.
The social network's handling of user data has been a flashpoint for controversy since it admitted last year that Cambridge Analytica, a political consultancy, used an app that may have hijacked the private details of 87 million users.
Facebook has announced a series of moves to tighten handling of data, including eliminating most of its data-sharing partnerships with outside companies.
The California firm reaches an estimated 2.7 billion people with its core social network, Instagram and messaging applications.