Kurt Wagner, writing for Recode:
On the same morning Special Counsel Robert Mueller’s report on
Russian election interference finally became public, Facebook
dropped some troubling news: Millions of Instagram users’
passwords were accidentally stored unencrypted on Facebook’s
servers, which means Facebook employees could access them.
Facebook first announced late last month that it had stored
hundreds of millions of user passwords unencrypted on its servers,
a massive security problem. At the time, it said that “tens of
thousands” of Instagram passwords were also stored in this way.
On Thursday morning, Facebook updated its blog to say that,
actually, “millions” of Instagram users, not “tens of thousands,”
Since this post was published, we discovered additional logs of
Instagram passwords being stored in a readable format. We now
estimate that this issue impacted millions of Instagram users. We
will be notifying these users as we did the others. Our
investigation has determined that these stored passwords were not
internally abused or improperly accessed.
Me, a year ago, regarding Facebook’s initial public estimate of the number of accounts harvested by Cambridge Analytica:
Do you want to bet it’s actually a lot more than 87 million, and
they’ll announce that bigger number in a few weeks? The
drip-drip-drip PR strategy is an old trick, and Facebook utilizes
it every time they have bad news involving a number of users.
First they announce a low number, then a higher number, and then
an even higher number. Notice that their mistakes always — always
— start low and then go high. They never once announce that their
original number was too high.
The fact that they announced this update number the same day the Mueller report was released is not a coincidence. PR is PR and every company looks to put bad news in as good a light as possible. But most companies don’t outright lie the way Facebook continuously does. They completely lack credibility at this point.
★ Thursday, 18 April 2019