With Nation Distracted by Mueller Report, Facebook Admits Millions of Users’ Passwords Affected by Latest Privacy Breach

CNET / YouTube F8 Zuckerberg takes on Trump unveils...
CNET / YouTube

In what critics described as a classic “news dump,” Facebook appeared to take advantage of the Mueller report capturing the nation’s attention to reveal at the same time that millions of users’ passwords had been stored on the site in an unsecured manner.

On Thursday, Facebook added to a blog post from March 21 to let users know that instead of storing tens of thousands of Instagram passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. Facebook is the parent company of Instagram.

“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” wrote Pedro Canahuati, vice president of Engineering, Security and Privacy. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.”

The stored passwords were found in January during a routine security check, according to Facebook. In March, when the breach was first announced, the company said the passwords were never visible to anyone outside of Facebook.

However, the passwords were stored in plain text—meaning employees could access and read the data. The company wrote that the passwords were not “internally abused or improperly accessed.”

A number of critics noted that the revelation—which was shared in a nondescript blog post during a major news event—appeared to be orchestrated to attract as little attention as possible.

“That is how you news dump,” wrote Alex Heath, a reporter who covers social media at Cheddar.

“Attempting to hide bad news can often backfire for a company,” wrote Heather Kelly of CNN Business. “It could land during a quiet time when nothing else is going on and be a big story, or it could lead to reporters writing about a company’s habit of trying to bury news before holidays.”

The news of the password breach also coincided with reports that Facebook had “unintentionally” collected 1.5 million email contacts from users, without their consent, starting in May 2016.

Users were asked to enter their email addresses to verify their identities when signing up for Facebook, and during that process the company was able to gather their contacts “to improve Facebook’s ad targeting, build Facebook’s web of social connections, and recommend friends to add,” according to Business Insider.

Facebook is currently under investigation by the Department of Justice and the Federal Trade Commission for its sharing of users’ data with outside developers including Cambridge Analytica, a political consulting group with ties to President Donald Trump’s 2016 campaign.

On Friday, the Washington Post reported that federal regulators are specifically targeting Facebook CEO Mark Zuckerberg in their probe of the company.

“The days of pretending this is an innocent platform are over,” Roger McNamee, an early Facebook investor who has criticized the company over its privacy breaches and effects on U.S. democracy, told the Post, “and citing Mark in a large scale enforcement action would drive that home in spades.”


Building a better version of Facebook? Check out the online message streaming and queuing service Kafkaesque, powered by Apache Pulsar.

Thank you to all who already support our work since we could not exist without your generosity. If you have not already, please consider supporting us on Patreon to ensure we can continue bringing you the best of independent journalism.

Leave a Comment

1 Comment on "With Nation Distracted by Mueller Report, Facebook Admits Millions of Users’ Passwords Affected by Latest Privacy Breach"

avatar
  Subscribe  
newest oldest most voted
Notify of
Michael owens
Guest
Michael owens

Why is this column slowly turning into a platform for other topics..?😀✌️