On Friday, at just about the same time as the most highly anticipated government document of the decade was released in Washington DC, Facebook updated a month-old blog post to note that actually a security incident impacted “millions” of Instagram users and not “tens of thousands” as they said at first.
Last month, Facebook announced that hundreds of millions of Facebook and Facebook Lite account passwords were stored in plaintext in a database exposed to over 20,000 employees.
“Since this post was [originally] published, we discovered additional logs of Instagram passwords being stored in a readable format,” Facebook said. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.”
A Facebook internal investigation concluded that the passwords were not “internally abused or improperly accessed”.
Aside from just being a generally bad bit of news to share with users, this week’s revelation is a comparatively rare black eye for Instagram, which has managed to avoid the intense scandals that plague its parent company.
Let’s take a moment to appreciate the fine craftsmanship of releasing bad news — they were off by an order of magnitude — on Friday. First, of course, the Muller Report means that very few people were paying attention to other news. But additionally, we starting a holiday weekend which means there will be even less manpower and energy to take dive into Facebook’s announcement.
If you’re wondering how to secure your Facebook account, there are three priorities: Use unique passwords for every online account, enable two-factor authentication and check your Facebook account for suspicious activity.