News

Instagram Exposed Some User Passwords Through its Data Download Tool

According to The Information (via Engadget), Facebook-owned Instagram recently notified some of its users about their password being exposed due to a potential security bug. A spokesperson of Instagram said that this issue was “discovered internally and it has affected a very small number of people.

This potential security bug was a result of one of Instagram’s feature which was rolled out to the users in April, that allowed users to download all of their data, which was implemented after the European lawmakers rolled out their General Data Protection Regulation (GDPR). According to Instagram, some users who used this feature ended up getting their passwords included in a URL into their web browser, instead, those passwords had been stored on Facebook’s servers, which is Instagram’s parent company. A security researcher told The Information that this would have only been possible if Instagram allowed storage of its passwords in plain text. This definitely seems to pose a large and concerning security threat to the company. A spokesperson of Instagram refused this and claimed that the company hashes and salts its stored passwords.

After all of this, Instagram said that it has fixed the bug in the feature so that passwords will further not be exposed, and also told users to change their passwords, just as a means of precaution.

In a statement to The Verge, an Instagram spokesperson said- “if someone submitted their login information to use the Instagram ‘Download Your Data’ tool, they were able to see their password information in the URL of the page. This information was not exposed to anyone else, and we have made changes so this no longer happens.

Tags
Show More

Smriti Satyan

Smriti is a computer science engineer from NIE, Mysore. She is currently working as a freelancer. Her interests include blogging, writing, music and technology. She has been writing content for various websites past 2 years which include technology and general content. Email: Smriti@wiseawareness.com

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Close