On the similar morning Particular Counsel Robert Mueller’s report on Russian election interference lastly became public, Facebook dropped some troubling news: Millions of Instagram users’ passwords had been accidentally stored unencrypted on Facebook’s servers, which indicates Facebook personnel could access them.
Facebook very first announced late final month that it had stored hundreds of millions of user passwords unencrypted on its servers, a huge safety difficulty. At the time, it stated that “tens of thousands” of Instagram passwords had been also stored in this way.
On Thursday morning, Facebook updated its weblog to say that, really, “millions” of Instagram customers, not “tens of thousands,” had been impacted:
Considering the fact that this post was published, we found extra logs of Instagram passwords becoming stored in a readable format. We now estimate that this concern impacted millions of Instagram customers. We will be notifying these customers as we did the other folks. Our investigation has determined that these stored passwords had been not internally abused or improperly accessed.
A Facebook spokesperson pointed Recode to the update and reiterated that “there is no proof of abuse or misuse of these passwords.” But the timing of the update — once more, in the course of the release of Mueller’s report — does not convey the message that Facebook cares strongly that customers are conscious of this concern.
Facebook is beneath investigation by many government agencies, like the FTC and the DOJ, for its information collection and privacy practices. It is unclear if problems like unencrypted password storage could play a part in these investigations, but it is not a great appear regardless for a organization that is currently struggling mightily with user trust.