November 18, 2018Swati Khandelwal
Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users’ passwords in plain text.
The company recently started notifying affected users of a security bug that resides in a newly offered feature called “Download Your Data” that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform.
ATTENTION: Click Here To Get Over $100,000 Money Transfer Through Bank Transfer Hackers!!!
ATTENTION: Get Your Hacked Western Union MTCN Transfer and Cash Out Over $2500 within minutes!!!
ATTENTION: Click Here For Your Blank/Cloned ATM Cards for ATM Cashout and Online Purchase!!!
To prevent unauthorized users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data.
However, according to Instagram, the plaintext passwords for some users
who had used the Download Your Data feature were included in the URL and
also stored on Facebook’s servers due to a security bug that was
discovered by the Instagram internal team.
The company said the stored data has been deleted from the servers owned by Facebook,
Instagram’s parent company and the tool has now been updated to resolve
the issue, which “affected a very small number of people.”
Download Your Data was rolled out by Instagram in April to comply with
the new European data privacy regulations, General Data Protection
Regulation (GDPR), and to address the privacy concerns of users
worldwide amid Facebook’s Cambridge Analytica scandal.
Affected users are highly recommended to change their passwords and clear their browser history as soon as possible.
If you have not received any notification from the photo-sharing service
yet, it means your Instagram account and password are apparently not
affected by the bug. If you are still concerned about the privacy and
security of your account, you can also consider changing your password.
Users are also advised to enable two-factor authentication (2FA) and
always secure their accounts with a strong and unique password.
Facebook had recently addressed a much more severe bug linked to its “View As” feature that was being actively exploited by unknown hackers to steal secret access tokens for 30 million Facebook users.
In late August, Instagram fixed another severe flaw in its API that unknown hackers exploited in the wild to gain access to the phone
numbers and email addresses for many “high-profile” users with verified
accounts.
In the same month, Instagram was also reportedly hit by a widespread hacking campaign that mysteriously locked out hundreds of users of their accounts with
their email addresses, account names, profile pictures, and passwords
changed.