Instagram accidentally exposed some user passwords through its data download tool

Instagram has notified some of its users that their password might have been exposed due to a security bug, according to The Information (via Engadget). A spokesperson for the company says that the issue was “discovered internally and affected a very small number of people.” In this instance, the bug was tied to a feature that the company rolled out in April that allows users to download all of their data, implemented after European lawmakers rolled out its General Data Protection Regulation (GDPR). According to Instagram, some users who used that feature had their passwords included in a URL in their web browser, and that the passwords were stored on Facebook’s servers, Instagram’s parent company. A security researcher told The... Continue reading…