On Thursday, at just about the same time as the most highly anticipated government document of the decade was released in Washington D.C., Facebook updated a month-old blog post to note that actually a security incident impacted “millions” of Instagram users and not “tens of thousands” as they said at first.
Last month, Facebook announced that hundreds of millions of Facebook and Facebook Lite account passwords were stored in plaintext in a database exposed to over 20,000 employees.
“Since this post was [originally] published, we discovered additional logs of Instagram passwords being stored in a readable format,” Facebook said. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.”
A Facebook internal investigation concluded that the passwords were not “internally abused or improperly accessed.”
Aside from just being a generally bad bit of news to share with users, today’s revelation is a comparatively rare black eye for Instagram which has managed to avoid the intense scandals that plague its parent company. As people have become increasingly wary of Facebook and the younger generation avoids it like the plague, Instagram has managed to maintain a mostly positive relationship with users.
Let’s take a moment to appreciate the fine craftsmanship of releasing bad news — they were off by an order of magnitude — today. First, of course, the Muller Report means that very few people are paying attention to other news. But additionally, we’re leading into a holiday weekend which means there will be even less manpower and energy to take dive into Facebook’s announcement.
If you’re wondering how to secure your Facebook account, there are three priorities: Use unique passwords for every online account, enable two-factor authentication and check your Facebook account for suspicious activity.