Instagram leaks passwords belonging to some members in plaintext

Yolanda Curtis
November 19, 2018

According to a report on The Information, Facebook-owned Instagram has a flaw in "Download Your Data" tool, which inadvertently exposed passwords of some users. "Temporarily, if someone submitted their login information to use the Instagram "Download Your Data" tool, they were able to see their password information in the URL of the page", the company said in a statement. As the name suggests, it allows users to download all of the information that Instagram has on them. Due to the security bug, the link also included the users' account password information erroneously, compromising the user's privacy. These passwords were saved on Facebook's servers. Facebook also confirmed that the security bug has affected only a small number of users.

He said the only way it could show up in the URL is if the password were stored somewhere inside of Instagram in plain text, which isn't recommended in the security industry. "If that's happening, then there are likely much bigger problems than that", he added.

At this point, the scope of the flaw is unknown. In addition, all affected users have been contacted and warned to change their password as well as clear their browser's history.

The Information previously reported that Facebook is in the market to acquire a security company to beef up its defenses against hackers and try to avoid these kinds of mistakes.

A couple of months back, Facebook suffered a huge security breach that affected nearly 50 million accounts.

Other reports by iNewsToday