In old blog post, Facebook updates ‘millions’ of Instagram passwords compromised

In old blog post, Facebook updates ‘millions’ of Instagram passwords compromised
FILE - This July 16, 2013 file photo shows a sign at Facebook headquarters in Menlo Park, Calif. (AP Photo/Ben Margot, File) (Source: Ben Margot)

(Gray News) - On one of the busiest news days of the year, Facebook made an addition to a month-old blog post to say that millions of Instagram user passwords had been compromised.

The Mercury News reported the information Thursday evening.

The March 21 Facebook Newsroom post, by security VP Pedro Canahuati, initially stated the company stored millions of its users’ passwords in plain text for years, left accessible to its employees.

Canahuati had said in March they would notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users and tens of thousands of Facebook-owned Instagram users.

"Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," said the company in Thursday's blog update. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."

Facebook maintains there was no evidence any of the passwords were improperly accessed.

The new post dropped Thursday around 10 a.m. ET, soon after most news viewers started watching Attorney General William Barr’s news conference on the Robert Mueller report. Barr released the long-awaited findings from the special counsel on the investigation into Russia’s election meddling, and possible ties to the Trump campaign, around 11 a.m.

Facebook founder Mark Zuckerberg did not post Thursday from his profile about the Instagram security flaw, as he has done in prior instances.

Mercury News asked Facebook about the timing of the update. A company representative responded it had recently learned of the exposed passwords and had been preparing to notify people.

"We want to be clear that we simply learned there were more passwords stored in this way," the company said.

The social media giant earlier in the week admitted it had collected more than 1 million of its users' email contact lists. That followed multiple recent instances where Facebook was forced to admit other security flaws, privacy invasions, failures to remove hate speech and its aid in spreading misinformation.

Copyright 2019 Gray Television Group, Inc. All rights reserved.