Passwords of some Instagram users could have been exposed. This has been reported by the social network to certain users, stating that it has been a bug in one of the functions of the application. Likewise, from the social network they have reported that the error has been discovered internally and that it has affected “a very small number of people”.
“The password of certain users who used the Instagram data download was visible in the Instagram URL in its web version.”
The security breach was in a bug in an Instagram feature. In this case, the error was in the option to download all the data of a user, which was added in April to comply with the new data protection law of the European Union. This function, that we explain to you how to use in this article, allows to download all the data of the activity of a user in the social network: photos, comments, videos, etc …
According to the social network, the password of some users who used the option to download their personal data (which are stored on the Facebook servers, Instagram’s owner), appeared in the URL of their Instagram profile in the web version. Despite this exposure, according to the company, this information was only visible to users.
From the social network have reported that they have solved the problem, so that the passwords are no longer exposed. Even so, they recommend users who have used the function to download their data to change their passwords.
The bug, although apparently minor, could mean that Instagram stored the passwords of its users in the form of text, which could pose a security problem. This has been pointed out by some security researchers, to which a company spokesman has responded that the passwords are kept completely encrypted.