Instagram has accidentally highlighted some user passwords using the data transfer tool


Instagram has notified some of its users that their password may be exposed due to a security bug, in accordance with Informations (via Engadget). The representative of the company says that the issue was "frankly internally and affected by very few people".

In this case, the error was related to the function published by the company in April, which allows users to transfer all of their data that are carried out after the European legislators developed their General Data Protection Regulation (GDPR). According to Instagram, some users who used this feature had passwords included in the URL in their web browser and that the passwords were stored on Facebook servers, the parent company of Instagram. A security researcher said Informations that this would only be possible if Instagram had saved passwords in plain text, which could be greater and would refer to a security problem for the company. Instagram's representative disputed this, saying that the chocolate and salt company had stored passwords.

Instagram says it has since set a function so that the passwords are not exposed, and tell users that they need to change their passwords as prudence. In The Verge, an Instagram representative says that "if someone submitted their login information to use Instagram" Data Transfer, "they could see their password information in the page's URL. This information was not exposed to anyone else and we make changes so that this does not happen anymore. "

Updated on November 17, 15:30 ET: The data of the Instagram representative regarding the security of passwords was included.


Source link