The admission arrived in a quiet update to a previous blog post that arrived at the exact time attorney general William Barr was giving a press conference on the release of the Mueller report and attention was drawn by those explosive findings.
In the controversial update, Facebook wrote that it had found that a privacy bug affected millions of Instagram users, meaning that their passwords would have been able to read without any of the protection usually offered by encryption.
The change was posted at 10am eastern time, just as the press conference by Mr Barr was finishing. That press conference began a day of intense interest in the findings of the Mueller report, released shortly after, meaning Facebook’s update was less scrutinised than it might otherwise have been.
Facebook also opted not to post a new bl
og post about the findings, instead disclosing the update by tweaking an old blog post, which was originally posted a month ago.
It had already disclosed that some passwords had been made available in plain text, allowing employees to search through them. But at the time it said only that tens of thousands of people had been affected.
It will inform the millions of users that were caught up in the attack, it said. Facebook claimed its investigation “determined that these stored passwords were not internally abused or improperly accessed”.
In March, when the privacy failure was first disclosed, it said the issue had affected “hundreds of millions” of Facebook Lite users and millions of Facebook users. Facebook Lite is designed for people with older phones or slow internet connections.