Home Hacking News Instagram Patched A Data Download Tool Bug That Exposed Users Passwords

Instagram Patched A Data Download Tool Bug That Exposed Users Passwords

by Abeerah Hashim
Instagram retained data after deletion

Instagram seems to have followed its parent company as it endured another major problem affecting user accounts. Reportedly, Instagram has recently fixed a serious problem in one of its features; the glitch existed in Instagram’s data download tool that inadvertently exposed users’ passwords.

Instagram Patch Data Download Tool Vulnerability

Recently, The Information reported a serious bug in Instagram that compromised users’ account security. The news surfaced online after Instagram informed that affected users of the security flaw. As revealed, an Instagram glitch in one of its prominent features exposed users’ passwords publicly.

Reportedly, the glitch existed in the “download your data” feature that made users’ passwords appear in the URL on their browsers’ address bar. Though the glitch may seem minor, it posed a security threat if the users logged in to Instagram on public computers. This bug made passwords publicly visible.

Fortunately, Instagram already patched the bug that allegedly affected a small number of users. According to the email statement by an Instagram spokesperson, shared by Gizmodo,

“Temporarily, if someone submitted their login information to use the Instagram ‘Download Your Data’ tool, they were able to see their password information in the URL of the page,” the company said in a statement. “This information was not exposed to anyone else, and we have made changes so this no longer happens.”

The Story Doesn’t End Here…

If you now feel relaxed after knowing the bug has been fixed by Instagram, then keep reading. According to The Information, the problem with Instagram’s security didn’t remain limited to that glitch. Rather, the other issue puts a question mark on Facebook’s security measures. According to Chet Wisniewski, Principal Research Scientist at Sophos, the appearance of plain text passwords in the URLs indicates that Facebook may have stored the passwords somewhere inside Instagram without proper encryption.

Nonetheless, according to The Verge, an Instagram spokesperson has denied this speculation by emphasizing that the firm stores hashed and salted passwords.

While Instagram confirms patching the bug, it also advises the users to change their passwords as a precaution. Although, for now, the issue seems resolved, yet, no one can deny the fact that Instagram has become a repeated victim of such problems. Not much time has passwords since a wave of account hacks affected a large number of Instagram users. Some of them even lost access to their accounts permanently. Whereas, some high profile accounts also faced such troubles in the following wave too.

Let us know your thoughts in the comments section.

You may also like