Instagram bug inadvertently exposed some users' passwords

The company notified those impacted by a problem with its data download tool.

According to The Information, Instagram has suffered a serious security leak of its own that could've exposed user's passwords. While Facebook recently had a much more serious problem linked to its "View As" tool that was being actively exploited by... someone, the Instagram issue is linked to its tool that allows users to download a copy of their data.

Facebook notified affected Instagram users that when they utilized the feature, it sent their password in plaintext in the URL. For some reason, these passwords were also stored on Facebook's servers, however the notification said that data has been deleted and the tool was updated so it won't happen now.


In a statement to The Information, a spokesperson said the issue only impacted a "small number of people" although if those people were using a shared computer, or on a compromised network then it could've left their account info wide open. If you haven't been notified then your account apparently was unaffected, but it's still a troubling gap left in the hole of security, especially on something as important as passwords. While everyone should be using unique password managers for every site and service (if you need a password manager to keep up with them, then that's the way to go, meanwhile you cna enable two-factor authentication on Instagram as described here), not everyone does and an exposure of this kind is just another troubling episode to hit Facebook.