Instagram’s download your data tool exposed users’ passwords to public view

Facebook somehow manages to make headlines one way or the other. Last week we were all praises for the social network for introducing the Unsend feature in the Messenger app and this week we are despising the company’s lack of interest in offering fool-proof security to its users after bug in Instagram’s download your data tool.

Reportedly, a flaw has been identified in the Facebook-owned Instagram’s recently rolled out Download Your Data tool. The flaw, The Information reports, can accidentally expose passwords of Instagram users. In fact, the report claims that many users might already have their passwords exposed to the public and the affected users have been notified by Instagram too.

For your information, the Download Your Data tool was launched in April amidst much hype and fanfare. The feature is supposed to send Instagram users a file containing the entire data that they’ve shared so far on Instagram. This includes photos, comments, and any other data. To receive your data on Instagram, you need to send a request to Instagram through the tool and within 48 hours you’ll receive a full copy of your data that you’ve shared on the platform and that the company has collected.

The tool was introduced to ensure compliance with Europe’s new data privacy regulations GDPR, but it’s available for Instagram users around the world. It is also stated that Facebook learned the lesson from the Cambridge Analytica fiasco, and designed Download Your Data feature to address users’ privacy concerns.

“Download Your Data’ lets users download all the data that Instagram has on them, both to comply with new European data-privacy regulations and to satisfy increasingly privacy-sensitive users around the world,” claims Instagram.

However, within a few months, we’ve come to know that the new feature itself isn’t too safe to use and might even expose your Instagram password. According to The Information, Instagram has informed its users that after using the new tool, their passwords got included in a webpage’s URL that’s linked to the new feature. That’s not all; the report reveals that Facebook’s computers also received and stored their passwords.

It’s too early to outline the scope of exposure at this point, but according to an Instagram spokesperson, the company discovered the issue “internally” and it has only affected a “very small number of people.” Furthermore, the spokesperson claims that the bug has been fixed already. The company urges users to change their password and clear their browser history so as to prevent exposure of their password in case someone sees that URL.

However, the concerning part is the security lapses involving Facebook have become way too frequent. The latest one is seriously unbelievable because it’s the tool’s primary responsibility to protect sensitive users’ data, which it failed at.

Facebook hasn’t been too proactive when it comes to the implementation of advanced security mechanisms, which does raise questions about its commitment to user privacy and data security. Have you also used the new tool? If you did, it’s time to check your inbox.

Related Posts