Instagram has recently patched a security issue in its website that
might have accidentally exposed some of its users' passwords in plain
text.
The company recently started notifying affected users of a security bug
in a newly offered feature called "Download Your Data," which lets
users download a copy of the data they have shared on the social media
platform, including photos, comments, posts, and other information.
To prevent unauthorized users from getting their hands on your personal
data, the feature asks you to reconfirm your password before downloading
the data.
However, according to Instagram, the plaintext passwords for some users
who had used the Download Your Data feature were included in the URL and
also stored on Facebook's servers due to a security bug that was
discovered by the Instagram internal team.
The company said the stored data has been deleted from the servers owned
by Facebook, Instagram's parent company, and the tool has now been
updated to resolve the issue, which "affected a very small number of
people."
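
A password placed in a URL is recorded wherever URLs are recorded, including browser history and web server access logs. The following added example (not Instagram's or Facebook's code) audits access-log lines for credential-bearing query parameters and redacts them; the parameter names, paths, and log lines are constructed assumptions, since the article does not state them.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names; the article does not say which one carried the password.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass"}
REDACTED = "REDACTED"
# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def scrub_url(target):
    """Return (scrubbed_target, names_of_redacted_params)."""
    parts = urlsplit(target)
    hits, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            hits.append(name)
            value = REDACTED
        pairs.append((name, value))
    if not hits:
        return target, []  # leave clean URLs byte-for-byte unchanged
    return urlunsplit(parts._replace(query=urlencode(pairs))), hits

def scrub_log_line(line):
    """Redact credential parameters inside the logged request target."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    scrubbed, hits = scrub_url(m.group("target"))
    return line[:m.start("target")] + scrubbed + line[m.end("target"):], hits

def audit(lines):
    """Return (clean_lines, findings); findings are (line_no, param_names)."""
    clean, findings = [], []
    for no, line in enumerate(lines, 1):
        out, hits = scrub_log_line(line)
        clean.append(out)
        if hits:
            findings.append((no, hits))
    return clean, findings

# Constructed sample log lines with hypothetical paths (not real data).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /download/request?user=alice&password=hunter2%21 HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Jan/2024:10:00:05 +0000] "POST /download/request HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /feed?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Redaction cleans up logs after the fact; the second sample line shows the safer pattern of sending the password in a POST body so it never appears in the request target.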
Download Your Data was rolled out by Instagram in April to comply with
the new European data privacy regulations, General Data Protection
Regulation (GDPR), and to address the privacy concerns of users
worldwide amid Facebook's Cambridge Analytica scandal.
Affected users are highly recommended to change their passwords and clear their browser history as soon as possible.
If you have not received any notification from the photo-sharing service
yet, it means your Instagram account and password are apparently not
affected by the bug. If you are still concerned about the privacy and
security of your account, you can also consider changing your password.
Users are also advised to enable two-factor authentication (2FA) and
always secure their accounts with a strong and unique password.
Facebook had recently addressed a much more severe bug linked to its
"View As" feature that was being actively exploited by unknown hackers
to steal secret access tokens for 30 million Facebook users.
In late August, Instagram fixed another severe flaw in its API that
unknown hackers exploited in the wild to gain access to the phone
numbers and email addresses for many "high-profile" users with verified
accounts.
In the same month, Instagram was also reportedly hit by a widespread
hacking campaign that mysteriously locked hundreds of users out of
their accounts, with their email addresses, account names, profile
pictures, and passwords changed.