Instagram just exposed some users' passwords: Here's what happened
Facebook's poor run with privacy doesn't seem to end. After suffering a major security breach (affecting 30 million) recently, the social network is once again under the radar over its data handling practices. The only difference is that this time it is not Facebook itself but its photo-sharing platform Instagram to blame. According to The Information, the platform recently exposed passwords of some users. Here's what happened.
How Instagram exposed passwords?
The exposure, as the report noted, stemmed from a bug tied to a feature in Instagram that lets users download their data. It was introduced in compliance with the new GDPR rules, but using it revealed passwords in the URL of some users' browsers. A spokesperson from the company said the issue was discovered internally and affected a "very" small number of people.
Here's what Facebook had to say
"Temporarily, if someone submitted their login information to use the Instagram 'Download Your Data' tool, they were able to see their password information in the URL of the page," the company said in a statement.
Fix now issued, affected users being notified
Instagram has now issued a fix for the bug, preventing it from exposing passwords anymore. The company has also notified users affected from the bug and advised them to change their passwords and clear their browser history. Though it says the passwords were not revealed to anyone else, possibility of account access remains open in the cases of shared computers or compromised networks.
Concerns over Instagram's data storage practices
According to a security researcher, who spoke to The Information, passwords can be exposed this way only when they're stored in plain text on the company's servers. This raises major security concerns of the company's data storage practices. Instagram, on its part, has denied these claims, noting that these passwords were stored in hashed form only.