Published: Mon, November 19, 2018
IT | By Lester Massey

Instagram security flaw potentially exposed passwords in website URLs

Instagram security flaw potentially exposed passwords in website URLs

"Temporarily, if someone submitted their login information to use the Instagram "Download Your Data" tool, they were able to see their password information in the URL of the page", the company said in a statement. However for users who accessed Instagram's "Download Your Data" feature on public computers with shared network could have exposed it majorly giving hackers a window to their profile.

Instagram's "Download Your Data" tool reportedly had a flaw that revealed some users' passwords.

Instagram has publicly addressed the issue, stating that only a small amount of users were affected and that the issue has been fixed so it won't happen again. The company also said that the passwords stored on Facebook's servers have also been deleted since the issue came into notice.


Security experts say that if the passwords were being securely stored that this should not have been possible, pointing to a deeper weakness. "If that's happening, then there are likely much bigger problems than that", he added. The leak "compromised the personal information of more than 30 million users, including gender, work, birthday and location" as reported by The Information.

Instagram has informed all users whose information was exposed by this bug. Users affected are encouraged to change their passwords and clear their browser history.

Like this: