It’s been a busy week — it’s tough to keep up with all the cybersecurity news. We’ve collected some of the biggest cybersecurity stories from the week — from TechCrunch and afar — to keep you up to date with the latest hacks, privacy breaches and security stories you need to know.

Facebook now says its password leak affected ‘millions’ of Instagram users

TechCrunch: As all eyes were on attorney general William Barr giving his highly anticipated summary of the Mueller report out this week, Facebook was quietly updating a blog post it had published a month earlier, revising up the number of Instagram accounts affected by a years-long bug that stored passwords in plaintext. Facebook admitted that “millions” of accounts were affected and not “hundreds of thousands” as it had first estimated. It wasn’t a coincidence; it was a perfect opportunity for Facebook to bury bad news. CNN’s Donie O’Sullivan called it the “most cynical” thing Facebook has done since dropping its report detailing its role in a genocide in Myanmar the day before the U.S. midterm elections.

Utah bans police from searching digital data without a warrant

Forbes: Some good news for privacy advocates this week: a big Fourth Amendment loophole has been closed in the state of Utah. Previously, state law enforcement only required a subpoena to access someone’s digital content — including emails, pictures, video and audio — from internet and cloud providers. Now, following the introduction of HB 57, the Electronic Information or Data Privacy Act, police need a warrant based on probable cause. No more warrantless fishing expeditions allowed.

A mystery agent is doxing Iran’s hackers and dumping their code

Wired: Buried in the news this week was the startling revelation that someone — whose identity isn’t known — has begun spilling the secrets of an Iranian hacker group, known as OilRig or APT34, on a Telegram channel, according to Chronicle, Alphabet’s cybersecurity company. It would be a devastating breach of their operational security if true, only a couple of years after the Shadow Brokers stole and published highly classified hacking tools developed by the National Security Agency.

The Weather Channel knocked off the air for over an hour

Wall Street Journal: For over an hour on Thursday, The Weather Channel was brought offline by a ransomware attack. In a tweet, the channel said it restored its live programming after running through its backup systems. The FBI said it was investigating. It’s the latest ransomware incident hit a major company — from aluminum maker Norsk Hydro to drinks giant Arizona Beverages.

Mueller report: Hacked elections, encrypted messaging, troll farms and more

TechCrunch: After two years, the Special Counsel’s probe into Russian interference with the 2016 U.S. presidential election is over. TechCrunch covered the tech angles you need to know: from how Russian-backed hackers broke into the Hillary Clinton campaign, how the use encrypted messaging apps hindered the investigation, how successful Russia was in breaking into election systems, and what role its troll factory and disinformation had on the election.

FTC said to want to face-off with Mark Zuckerberg over privacy violations

Washington Post: Now more than ever, Facebook is under the watchful eye of the Federal Trade Commission. A report this week said the social media giant’s founder Mark Zuckerberg could also be in the agency’s crosshairs. It’s part of an ongoing effort to hold the company accountable since the Cambridge Analytica scandal, following which has been security incident after incident, amid claims of mismanaged consumer data and gross ethical violations.

Cybersecurity firm Verint hit by ransomware

ZDNet: Verint, a cybersecurity company, was also hit by ransomware this week. Described as an “extreme case of irony,” the company was forced to bring in a third-party security firm to handle the infection. It comes in the same week that Wipro, one of India’s largest outsourcing companies, was hit by hackers. The company initially denied the breach, but was challenged by the security reporter Brian Krebs — who broke the news — live on the company’s earnings conference days following the breach. Of course the call was recorded, forcing Wipro’s chief operating officer Bhanu Ballapuram to come clean.

Security flaw in French government messaging app exposed confidential conversations

TechCrunch: And finally, a security flaw was found in the French government’s own encrypted messaging app Tchap immediately after it launched. Security researcher Baptiste Robert created a user account — even though the service is restricted to government officials. The app, which uses the open-source Signal Protocol, inadvertently allowed access to non-government email addresses, exposing the app’s public channels.