Skip to main content

Sign up for our newsletter.

Quality journalism. Progressive values. Direct to your inbox.

Corporate gatekeepers and big tech monopolists are making it more difficult than ever for independent media to survive. Please chip in today.

Facebook added to a blog post from March 21 on Thursday to let users know that instead of storing tens of thousands of passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. (Photo: Reuters)

With Nation Distracted by Mueller Report, Facebook Admits Millions of Users' Passwords Affected by Latest Privacy Breach

"That is how you news dump."

Julia Conley

In what critics described as a classic "news dump," Facebook appeared to take advantage of the Mueller report capturing the nation's attention to reveal at the same time that millions of users' passwords had been stored on the site in an unsecured manner.

On Thursday, Facebook added to a blog post from March 21 to let users know that instead of storing tens of thousands of Instagram passwords, as it had reported last month, the number of users affected by the privacy breach was in the millions. Facebook is the parent company of Instagram.

"Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format," wrote Pedro Canahuati, vice president of Engineering, Security and Privacy. "We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others."

The stored passwords were found in January during a routine security check, according to Facebook. In March, when the breach was first announced, the company said the passwords were never visible to anyone outside of Facebook.

However, the passwords were stored in plain text—meaning employees could access and read the data. The company wrote that the passwords were not "internally abused or improperly accessed."

A number of critics noted that the revelation—which was shared in a nondescript blog post during a major news event—appeared to be orchestrated to attract as little attention as possible.

"That is how you news dump," wrote Alex Heath, a reporter who covers social media at Cheddar.

"Attempting to hide bad news can often backfire for a company," wrote Heather Kelly of CNN Business. "It could land during a quiet time when nothing else is going on and be a big story, or it could lead to reporters writing about a company's habit of trying to bury news before holidays."

The news of the password breach also coincided with reports that Facebook had "unintentionally" collected 1.5 million email contacts from users, without their consent, starting in May 2016.

Users were asked to enter their email addresses to verify their identities when signing up for Facebook, and during that process the company was able to gather their contacts "to improve Facebook's ad targeting, build Facebook's web of social connections, and recommend friends to add," according to Business Insider.

Facebook is currently under investigation by the Department of Justice and the Federal Trade Commission for its sharing of users' data with outside developers including Cambridge Analytica, a political consulting group with ties to President Donald Trump's 2016 campaign. 

On Friday, the Washington Post reported that federal regulators are specifically targeting Facebook CEO Mark Zuckerberg in their probe of the company.

"The days of pretending this is an innocent platform are over," Roger McNamee, an early Facebook investor who has criticized the company over its privacy breaches and effects on U.S. democracy, told the Post, "and citing Mark in a large scale enforcement action would drive that home in spades."


Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.

We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.

After Kids Killed in Texas, Dems Declare 'Pass Gun Safety Legislation Now'

"Congress has a moral responsibility to end gun violence now," said Sen. Ed Markey. "To those who refuse to act, there are no excuses. Only complicity and shame."

Jessica Corbett ·


At Least 19 Children, 2 Adults Killed in Texas Elementary School Shooting

"This has become part of who we are as a country," said Julián Castro. "The free availability of guns has not made us safer in the United States or here in the state of Texas."

Brett Wilkins ·


House Dems to Pelosi: Hold Vote for Bill Expanding Social Security

"It is Congress' responsibility to ensure that Social Security's benefits are protected and improved," says a letter to the speaker. "It's time we deliver."

Jessica Corbett ·


Two Years After George Floyd Murder, Biden to Issue Executive Order on Police Reform

"The entire culture and mentality needs to change to bring these words to life, and to save lives," said one civil liberties advocate.

Julia Conley ·


'Wholesale Fraud' in Michigan Governor Race Could Disqualify GOP Candidates

"It looks like the Republican clown car may be losing a few occupants."

Jessica Corbett ·

Common Dreams Logo