Facebook has admitted that millions of Instagram passwords were stored on internal Facebook servers in readable plain text format, not thousands as initially claimed back in March.
Millions of Instagram Passwords Compromised
Last month, Facebook revealed that millions of Facebook Lite users had their passwords stored on internal company servers in a readable plain text format that was accessible by regular company employees, and claimed that “thousands” of Instagram accounts were affected as well. Now, the number of Instagram accounts affected by the breach of basic security standards appears to number in the millions.
In an update to the initial March 21 blog post by Pedro Canahuati, Facebook’s Vice President for Engineering, Security, and Privacy, revealing the breach, the company said: “Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”
Timing of Revelation Draws Suspicion by Some
Facebook’s update comes on a day where the US news media and social media environment is consumed by the release of Robert Mueller’s special counsel’s report on Russian interference in the 2016 US Presidential Election, which also explores whether President Donald Trump or members of his campaign were involved in the effort—the report concluded that there was no criminal conspiracy—as well as whether the President committed Obstruction of Justice.
The timing of the update by Facebook has been suggested by some as an effort to release the news as quietly as possible.
facebook deciding to dump bad news of more user password compromises ("Millions" of Instagram users, up from "thousands" a month ago) on mueller dayhttps://t.co/43qmutkpop— rat king (@MikeIsaac) April 18, 2019
Incredible: While the Muller report was being released, Facebook updates an old press post titled “Keeping Passwords Secure” with the new disclosure that millions of Instagram account passwords were internally stored in readable plaintext. https://t.co/BiDfq1G8N3— Alex Heath (@alexeheath) April 18, 2019
Who's using Mueller Report Day to bury bad news? If you guessed Facebook, you're right: Millions more passwords sto… https://t.co/23Ix4Xy6io— The Register (@TheRegister) April 18, 2019