Kurt Wagner reported for Recode that Facebook stored millions of Instagram passwords unencrypted.

Facebook first announced late last month that it had stored hundreds of millions of user passwords unencrypted on its servers, a massive security problem. At the time, it said that “tens of thousands” of Instagram passwords were also stored in this way.

On Thursday morning, Facebook updated its blog to say that, actually, “millions” of Instagram users, not “tens of thousands,” were impacted.

Drip PR once again. Announce it as tens of thousands before admitting more were impacted. Go change your Instagram password. They will probably store it encrypted this time round.