Instagram tool unintentionally exposed users passwords
Just like many other sites users have the option of downloading their data, the same way Instagram users were also asking for such an option. The new Download Your Data tool that let the users get that information may have left some users passwords exposed.
Instagram’s spokesperson said that the issue was “discovered internally and affected a very small number of people.”
As of Instagram, only some users are affected by this those who used that feature had their passwords included in a URL in their web browser and those passwords were stored on the Facebook’s servers.
According to some security experts, this type of issue is only possible if Instagram keeps the passwords of users in the plain text, which could a very big and concerning security issue for the company. But it was denied by Instagram’s spokesperson.
The Instagram spokesperson said that :
“Temporarily, if someone submitted their login information to use the Instagram “Download Your Data” tool, they were able to see their password information in the URL of the page. This information was not exposed to anyone else, and we have made changes so this no longer happens”
This tool has been since updated by the Instagram so this bug will no longer occur, and Instagram is deleting any logged passwords.
The users who are affected by this bug are advised to change their passwords and clear their browser history.