Thousands become millions: Facebook uses Mueller report as smokescreen for Instagram scandal
Facebook has been caught stealthily updating a weeks-old blog post regarding password security on Facebook and Instagram, on the same day the Mueller report was released.
The company admitted on March 21 that it had failed to securely store users’ passwords, logging them and storing them unencrypted in plain text. The problem was initially detected as far back as January.
An hour before the Mueller report was released on Thursday, Facebook spin doctors amended the number of Instagram users affected from “tens of thousands” to “millions.” Quick maths.
“(Update on April 18, 2019 at 7AM PT: Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users,” Facebook wrote in the amendment.
“We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed).”
Here's a reminder that Facebook owns Instagram - they left millions of Instagram passwords unencrypted on internal servers, just like they did with Facebook accounts.Stay safe, don't re-use passwords!https://t.co/JFnKAcawDcpic.twitter.com/Y1HMdrkJCf
— Nextcloud 📱☁️💻 (@Nextclouders) April 19, 2019
While the Muller report was being released, Facebook updates an old press post titled “Keeping Passwords Secure” w/ the new disclosure that millions of Instagram account passwords were internally stored in readable plaintext.https://t.co/SwSCCZZdQe
— Scott Galloway (@profgalloway) April 18, 2019
Buried in this updated blog post by @facebook on Mueller Report Release Day is news that millions of @Instagram account passwords were internally stored in readable plaintext. https://t.co/idz5pq9vkG
— Steve Herman (@W7VOA) April 18, 2019
Extremely well-timed “update” by Facebook to a month-old disclosure of a security issue. https://t.co/kFPuZY3mbLpic.twitter.com/trOC0MitC2
— Nick Confessore (@nickconfessore) April 18, 2019
Nothing to see here, folks, just Facebook choosing the #MuellerReport release to post an update confirming it stored millions of passwords completely insecurely. https://t.co/w4Ie9NSDOA
— Hicham Yezza (@HichamYezza) April 18, 2019
And we have a sequel! TWO news dumps by Facebook on the same day! "...we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users" https://t.co/qkrBqKEUiP
— Gavin Sheridan (@gavinsblog) April 18, 2019
Facebook did not confirm the exact number of affected accounts but did state that the number is not in the tens or hundreds of millions.
“This is an issue that has already been widely reported, but we want to be clear that we simply learned there were more passwords stored in this way,” the spokesperson said in an emailed statement to the Huffington Post. “There is no evidence of abuse or misuse of these passwords.”
Facebook reaffirmed that there is no indication that the data was improperly accessed or abused, despite being accessible to more than 20,000 Facebook employees, adding that affected Instagram users will be notified that their passwords were improperly stored.
The news came the same day that it emerged Facebook had been accessing and storing 1.5 million users’ email contacts without their knowledge or permission.
Think your friends would be interested? Share this story!
