November 20, 2018

Instagram bug accidentally leaks passwords

Recently Instagram has notified to its some of the users their passwords might have been exposed because of a small security loop hole. According to The Information, the issue was found “discovered internally and affected a very small number of people.”

This bug is rolled out with the Instagram feature. Which was introduced last April where user can download their past instagram data, implemented right after European law makers roll out General Data Protection Regulation (GDPR). 

Instagram reported, whoever used this feature has their password included inside the Browser URL. Moreover the passwords was stored inside one of the Facebook server (Parent company of Instagram). One of the security researcher says, that password can be only readable if Instagram stores the user’s password in plain text. Which could be more serious security concern for Instagram. However one of the Instagram spoke person disputed this by saying company encrypts the stored passwords with salt and hashes.

Instagram now confimed that the issue is no more exists so their password is safe with Instagram, but as a safety and precaution they should change their passwords. an Instagram spokesperson says that “if someone submitted their login information to use the Instagram ‘Download Your Data’ tool, they were able to see their password information in the URL of the page. This information was not exposed to anyone else, and we have made changes so this no longer happens.”


Post a Comment