By John Gruber
Kurt Wagner, writing for Recode:
On the same morning Special Counsel Robert Mueller’s report on Russian election interference finally became public, Facebook dropped some troubling news: Millions of Instagram users’ passwords were accidentally stored unencrypted on Facebook’s servers, which means Facebook employees could access them.
Facebook first announced late last month that it had stored hundreds of millions of user passwords unencrypted on its servers, a massive security problem. At the time, it said that “tens of thousands” of Instagram passwords were also stored in this way.
On Thursday morning, Facebook updated its blog to say that, actually, “millions” of Instagram users, not “tens of thousands,” were impacted:
Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed.
Me, a year ago, regarding Facebook’s initial public estimate of the number of accounts harvested by Cambridge Analytica:
Do you want to bet it’s actually a lot more than 87 million, and they’ll announce that bigger number in a few weeks? The drip-drip-drip PR strategy is an old trick, and Facebook utilizes it every time they have bad news involving a number of users. First they announce a low number, then a higher number, and then an even higher number. Notice that their mistakes always — always — start low and then go high. They never once announce that their original number was too high.
The fact that they announced this updated number the same day the Mueller report was released is not a coincidence. PR is PR and every company looks to put bad news in as good a light as possible. But most companies don’t outright lie the way Facebook continuously does. They completely lack credibility at this point.
★ Thursday, 18 April 2019