Is Facebook using the Mueller report as a distraction to hide its latest massive scandal?
In what critics described as a classic "news dump," Facebook appeared to take advantage of the Mueller report capturing the nation's attention to reveal at the same time that millions of users' passwords had been stored on the site in an unsecured manner.
On Thursday, Facebook added to a blog post from March 21 to let users know that instead of storing tens of thousands of Instagram passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. Facebook is the parent company of Instagram.
"Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," wrote Pedro Canahuati, vice president of Engineering, Security and Privacy. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."
The stored passwords were found in January during a routine security check, according to Facebook. In March, when the breach was first announced, the company said the passwords were never visible to anyone outside of Facebook.
However, the passwords were stored in plain text—meaning employees could access and read the data. The company wrote that the passwords were not "internally abused or improperly accessed."
A number of critics noted that the revelation—which was shared in a nondescript blog post during a major news event—appeared to be orchestrated to attract as little attention as possible.
"That is how you news dump," wrote Alex Heath, a reporter who covers social media at Cheddar.
That is how you news dump.— Alex Heath (@Alex Heath)1555610578.0
This blog post title is like if you were announcing your divorce with the title “Keeping Marriage Secure"— Alex Heath (@Alex Heath)1555611423.0
So Facebook chooses the busiest news day of the year to drop an announcement that millions of Instagram passwords h… https://t.co/1Ww9uZuAY3— Ethan DeWitt (@Ethan DeWitt)1555674600.0
"Attempting to hide bad news can often backfire for a company," wrote Heather Kelly of CNN Business. "It could land during a quiet time when nothing else is going on and be a big story, or it could lead to reporters writing about a company's habit of trying to bury news before holidays."
The news of the password breach also coincided with reports that Facebook had "unintentionally" collected 1.5 million email contacts from users, without their consent, starting in May 2016.
Users were asked to enter their email addresses to verify their identities when signing up for Facebook, and during that process the company was able to gather their contacts "to improve Facebook's ad targeting, build Facebook's web of social connections, and recommend friends to add," according to Business Insider.
Remember when we learned Facebook was asking some new users for email passwords for the stated purpose of "verifica… https://t.co/D3wY1rIOYa— EFF (@EFF)1555621566.0
Facebook is currently under investigation by the Department of Justice and the Federal Trade Commission for its sharing of users' data with outside developers including Cambridge Analytica, a political consulting group with ties to President Donald Trump's 2016 campaign.
On Friday, the Washington Post reported that federal regulators are specifically targeting Facebook CEO Mark Zuckerberg in their probe of the company.
"The days of pretending this is an innocent platform are over," Roger McNamee, an early Facebook investor who has criticized the company over its privacy breaches and effects on U.S. democracy, told the Post, "and citing Mark in a large scale enforcement action would drive that home in spades."