Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users’ passwords in plain text.
The company recently started notifying affected users of a security bug that resides in a newly offered feature called “Download Your Data” that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform.
To prevent unauthorised users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data.
However, according to Instagram, the plaintext passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook’s servers due to a security bug that was discovered by the Instagram internal team.
The company said the stored data has been deleted from the servers owned by Facebook, Instagram’s parent company and the tool has now been updated to resolve the issue, which “affected a very small number of people.”
images from Hacker News