Facebook added to a blog post from March 21 on Thursday to let users know that instead of storing tens of thousands of passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. (Photo: Reuters)
With Nation Distracted by Mueller Report, Facebook Admits Millions of Users' Passwords Affected by Latest Privacy Breach
"That is how you news dump."
In what critics described as a classic "news dump," Facebook appeared to take advantage of the Mueller report capturing the nation's attention to reveal at the same time that millions of users' passwords had been stored on the site in an unsecured manner.
On Thursday, Facebook added to a blog post from March 21 to let users know that instead of storing tens of thousands of Instagram passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. Facebook is the parent company of Instagram.
"Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," wrote Pedro Canahuati, vice president of Engineering, Security and Privacy. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."
The stored passwords were found in January during a routine security check, according to Facebook. In March, when the breach was first announced, the company said the passwords were never visible to anyone outside of Facebook.
However, the passwords were stored in plain text--meaning employees could access and read the data. The company wrote that the passwords were not "internally abused or improperly accessed."
A number of critics noted that the revelation--which was shared in a nondescript blog post during a major news event--appeared to be orchestrated to attract as little attention as possible.
"That is how you news dump," wrote Alex Heath, a reporter who covers social media at Cheddar.
"Attempting to hide bad news can often backfire for a company," wrote Heather Kelly of CNN Business. "It could land during a quiet time when nothing else is going on and be a big story, or it could lead to reporters writing about a company's habit of trying to bury news before holidays."
The news of the password breach also coincided with reports that Facebook had "unintentionally" collected 1.5 million email contacts from users, without their consent, starting in May 2016.
Users were asked to enter their email addresses to verify their identities when signing up for Facebook, and during that process the company was able to gather their contacts "to improve Facebook's ad targeting, build Facebook's web of social connections, and recommend friends to add," according to Business Insider.
Facebook is currently under investigation by the Department of Justice and the Federal Trade Commission for its sharing of users' data with outside developers including Cambridge Analytica, a political consulting group with ties to President Donald Trump's 2016 campaign.
On Friday, the Washington Post reported that federal regulators are specifically targeting Facebook CEO Mark Zuckerberg in their probe of the company.
"The days of pretending this is an innocent platform are over," Roger McNamee, an early Facebook investor who has criticized the company over its privacy breaches and effects on U.S. democracy, told the Post, "and citing Mark in a large scale enforcement action would drive that home in spades."
Urgent. It's never been this bad.
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission from the outset was simple. To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It’s never been this bad out there. And it’s never been this hard to keep us going. At the very moment Common Dreams is most needed and doing some of its best and most important work, the threats we face are intensifying. Right now, with just two days to go in our Spring Campaign, we're falling short of our make-or-break goal. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Can you make a gift right now to make sure Common Dreams not only survives but thrives? There is no backup plan or rainy day fund. There is only you. —Craig Brown, Co-founder |
In what critics described as a classic "news dump," Facebook appeared to take advantage of the Mueller report capturing the nation's attention to reveal at the same time that millions of users' passwords had been stored on the site in an unsecured manner.
On Thursday, Facebook added to a blog post from March 21 to let users know that instead of storing tens of thousands of Instagram passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. Facebook is the parent company of Instagram.
"Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," wrote Pedro Canahuati, vice president of Engineering, Security and Privacy. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."
The stored passwords were found in January during a routine security check, according to Facebook. In March, when the breach was first announced, the company said the passwords were never visible to anyone outside of Facebook.
However, the passwords were stored in plain text--meaning employees could access and read the data. The company wrote that the passwords were not "internally abused or improperly accessed."
A number of critics noted that the revelation--which was shared in a nondescript blog post during a major news event--appeared to be orchestrated to attract as little attention as possible.
"That is how you news dump," wrote Alex Heath, a reporter who covers social media at Cheddar.
"Attempting to hide bad news can often backfire for a company," wrote Heather Kelly of CNN Business. "It could land during a quiet time when nothing else is going on and be a big story, or it could lead to reporters writing about a company's habit of trying to bury news before holidays."
The news of the password breach also coincided with reports that Facebook had "unintentionally" collected 1.5 million email contacts from users, without their consent, starting in May 2016.
Users were asked to enter their email addresses to verify their identities when signing up for Facebook, and during that process the company was able to gather their contacts "to improve Facebook's ad targeting, build Facebook's web of social connections, and recommend friends to add," according to Business Insider.
Facebook is currently under investigation by the Department of Justice and the Federal Trade Commission for its sharing of users' data with outside developers including Cambridge Analytica, a political consulting group with ties to President Donald Trump's 2016 campaign.
On Friday, the Washington Post reported that federal regulators are specifically targeting Facebook CEO Mark Zuckerberg in their probe of the company.
"The days of pretending this is an innocent platform are over," Roger McNamee, an early Facebook investor who has criticized the company over its privacy breaches and effects on U.S. democracy, told the Post, "and citing Mark in a large scale enforcement action would drive that home in spades."
In what critics described as a classic "news dump," Facebook appeared to take advantage of the Mueller report capturing the nation's attention to reveal at the same time that millions of users' passwords had been stored on the site in an unsecured manner.
On Thursday, Facebook added to a blog post from March 21 to let users know that instead of storing tens of thousands of Instagram passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. Facebook is the parent company of Instagram.
"Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," wrote Pedro Canahuati, vice president of Engineering, Security and Privacy. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."
The stored passwords were found in January during a routine security check, according to Facebook. In March, when the breach was first announced, the company said the passwords were never visible to anyone outside of Facebook.
However, the passwords were stored in plain text--meaning employees could access and read the data. The company wrote that the passwords were not "internally abused or improperly accessed."
A number of critics noted that the revelation--which was shared in a nondescript blog post during a major news event--appeared to be orchestrated to attract as little attention as possible.
"That is how you news dump," wrote Alex Heath, a reporter who covers social media at Cheddar.
"Attempting to hide bad news can often backfire for a company," wrote Heather Kelly of CNN Business. "It could land during a quiet time when nothing else is going on and be a big story, or it could lead to reporters writing about a company's habit of trying to bury news before holidays."
The news of the password breach also coincided with reports that Facebook had "unintentionally" collected 1.5 million email contacts from users, without their consent, starting in May 2016.
Users were asked to enter their email addresses to verify their identities when signing up for Facebook, and during that process the company was able to gather their contacts "to improve Facebook's ad targeting, build Facebook's web of social connections, and recommend friends to add," according to Business Insider.
Facebook is currently under investigation by the Department of Justice and the Federal Trade Commission for its sharing of users' data with outside developers including Cambridge Analytica, a political consulting group with ties to President Donald Trump's 2016 campaign.
On Friday, the Washington Post reported that federal regulators are specifically targeting Facebook CEO Mark Zuckerberg in their probe of the company.
"The days of pretending this is an innocent platform are over," Roger McNamee, an early Facebook investor who has criticized the company over its privacy breaches and effects on U.S. democracy, told the Post, "and citing Mark in a large scale enforcement action would drive that home in spades."