While America was consumed with the partial release of an explosive report that has shaken the presidency and divided the nation, Facebook whispered some bad news: Millions of Instagram users’ passwords were compromised in a data-security lapse.
This followed a massive security failure the company announced March 17, in which the passwords of hundreds of millions of Facebook users, and tens of thousands of Instagram users had been stored unencrypted on the firm’s servers, open to employees.
On Thursday morning, as news broke about special counsel Robert Mueller’s report on alleged connections between the presidential campaign of President Donald Trump and Russian election meddling, Facebook confessed to another huge incident of mishandling customer data.
The Menlo Park social media giant led by CEO Mark Zuckerberg, beset by scandal after scandal over privacy and other issues, put the news out in an update to a March 21 blog post.
“Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format,” said the update to the post by Pedro Canahuati, vice-president of engineering, security and privacy.
“We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.”
The company said it has also found no evidence that any passwords at issue in the March 21 announcement were abused or misused.
Facebook, asked about the timing of Thursday’s announcement, said it learned of the additional millions of exposed Instagram passwords recently, after the March 21 announcement, and had been preparing to notify people.
“We want to be clear that we simply learned there were more passwords stored in this way,” the company said.