According to cyber forensics course experts from the International Institute of Cyber Security (IICS), a security error in Facebook affected more users of Instagram than the social network had mentioned in the beginning.
The social network updated a post on its blog (originally published last March 21) mentioning that, by mistake, it had been stored without any encryption passwords of hundreds of millions of users, adding that millions of accounts of the social network Instagram were also compromised.
According to the cyber forensics course specialists, in its original post Facebook stated that the passwords of “millions of Facebook users and some thousands of Instagram account holders” had been stored without encryption; the information was leaked due to the terrible security measures established by Facebook.
The announcement of the social network emerged on the same day as the U.S. Attorney General’s press conference, William Barr, regarding the publishing of the Robert Mueller’s special report on the alleged Russian intervention in the U.S. elections in 2016. Representatives of Fight for the future, NGO dedicated to the privacy rights defense, consider that with this Facebook tries to mitigate the media impact of this incident.
For companies that handle personal data belonging to their users/customers, storing their passwords with encryption is a standardized security practice because, even in case of a data breach, attackers cannot read or use the stolen passwords. In the case of Facebook, the company did not implement encryption to the millions of leaked passwords, so they could be used easily, mention the cyber forensics course specialists.
On the other hand, spokesmen for the social network insist that there is no evidence that the compromised passwords have been used by threat actors.
In the Robert Mueller’s report, published last Thursday, Facebook is mentioned over 80 times in relation to possible efforts to affect the results of the U.S. presidential election. A section of the report states that the Internet Research Agency, a group linked to the Russian government, paid around $100k USD to Facebook in exchange for about 3500 online ads.