Instagram Data Download Tool Bug Exposes User Passwords

Instagram has witnessed a minor yet important privacy issue, exposing some of the user passwords. As per what The Information has reported, a security bug has caused exposure to the password of some users. The company officials say that the issue was found out internally and that the bug was fixed thereafter. It means that the particular bug would have caused serious issues for the user. The bug was found in a Data Download tool that Instagram had launched in April. This tool was made to help users download Instagram information in a single package, with compliance to GDPR.

The issue happened when someone tried to use the Instagram Data Download tool for downloading all data stored in the servers. Upon authentication, the Instagram URL used to show the username and password in the URL, which is not at all secure. Of course, the URL would be visible only for the user, but in the long run, the trend causes more issues. The Information pointed out the suspicion that Instagram is storing all user passwords in plain text and that it probably does not make use of encryption technologies. However, official words from Instagram have disputed this.

Instagram officials say that the service stores the password information via hashes, using one of the topmost encryption technologies. As per what the spokespersons have said, the information was gathered when the user enters the credentials. Nevertheless, as per the officials, the issue has been addressed and fixed and it is not observed by users as of now. It is, however, quite ironical that a feature that was launched to enhanced user-data control and privacy turned out to have a grievous privacy error that would compromise security of many users. As it can be guessed, although the URL is seen to the customer, someone who sneaks into a PC and finds the URL would also have the Instagram password.