Instagram security flaw potentially exposed passwords in website URLs

The flaw was in Instagram's 'Download Your Data' tool

Instagram will remove fake accounts

Instagram’s ‘Download Your Data’ tool reportedly had a flaw that revealed some users’ passwords.

According to a report from The Information, the tool potentially exposed passwords to public view. Further, the social network allegedly contacted affected users via email.

The emails told users of the ‘Download Your Data’ tool they may have had their passwords included in the website’s URL. Furthermore, the passwords were stored on Facebook computers.

At this point, the scope of the flaw is unknown. An Instagram spokesperson said the issue was discovered internally and affected a small number of people. Additionally, the social network claims it has already resolved the bug.

Instagram advises affected users to clear their browser history to prevent people from seeing the URL that included their password.

The company launched its Download Your Data tool in April to comply with the E.U.’s GDPR regulation. However, Instagram made the tool available worldwide. Users who submitted requests would receive an email from Instagram within 48 hours with a full copy of everything they’d shared on the social platform along with all the data the company had collected.

Source: The Information Via: 9to5 Mac