A Bug In Instagram's 'Download Your Data' Feature Can Accidentally Leak Your Account Password
It seems like Facebook just can¡¯t stop trippin over its own feet long enough to protect its customers. This past week, another lapse from Facebook-owned Instagram ended up revealing users¡¯ passwords, ironically thanks to a bug in a data privacy tool.
It seems like Facebook just can't stop tripping over its own feet long enough to protect its customers. This past week, another lapse from Facebook-owned Instagram ended up revealing users' passwords, ironically thanks to a bug in a data privacy feature.
To clarify, the glitch was reported in Instagram's 'Download Your Data' feature, which the social media app introduced in response to Europe's GDPR implementation. It lets a users view all the data Instagram has on them (used for advertising) and lets them download it. Unfortunately, it seems a bug in the tool exposed a "small number" of user passwords as plaintext.
Instagram confirmed the security lapse, detailing that some people that had used the tool to download their data had their password included in plaintext in the URL. Even worse, these passwords were then stored on Facebook's servers.
The company has insisted that only a small number of users were affected, and the bug was fixed once it was discovered internally. Additionally, all affected users have been warned about the leak, and been encouraged to change their passwords and clear their browser history. The information that was subsequently saved to Facebook servers has also been deleted.
Still, it's just another brick in the wall that may eventually collapse right on top of Facebook.