Instagram notified some of its users that their passwords could have been exposed due to a security error, according to The Information (via Engadget). A spokeswoman for the company said the problem was “found inside the country and affected a very small number of people.”
In this case, the error was tied to a feature the company rolled out in April that lets users download all their data, implemented after European lawmakers rolled out the General Data Protection Regulation (GDPR). According to Instagram, some users who used this feature had their passwords included in the URL in their web browser, and the passwords were stored on the servers of Facebook, the parent company of Instagram. A security researcher told The Information that this would be possible only if Instagram stores passwords in plain text, which would be a large security problem for the company.
Instagram says that it has since fixed this feature so that passwords are not exposed, and told users that they need to change their passwords as a precaution. In a statement to The Verge, an Instagram spokeswoman says that “if someone submitted their login information to use Instagram’s Upload Your Details tool, they could see their password information in the URL of the page. This information was not disclosed to anyone else, and we made changes to prevent this from happening again.”