Skip to main content

Instagram tool accidentally exposes user passwords. Were you affected?

The Instagram tool that allows users to download a copy of their data from the social media platform had a security flaw that accidentally leaked passwords in plain text.

In April, Facebook-owned Instagram rolled out a Download Your Data tool that sends users a file containing all the pictures, comments, and other information that they have shared on the platform. The feature was rolled out to comply with new data privacy regulations in Europe and to address the privacy concerns of users around the world amid Facebook’s Cambridge Analytica scandal.

Recommended Videos

Unfortunately, the Download Your Data tool contained a security issue that also sent users their passwords in plaintext in the URL, The Information reported. In addition, for some reason, the passwords were also stored on Facebook’s servers, though they have since been deleted.

The security issue of the Download Your Data tool, which has already been fixed, only affected a “small number of people,” a spokesperson told The Information. However, these users may have had their Instagram passwords exposed if they were using a shared computer, or if they were on a compromised network. If they use the same password on other websites or apps, then the security issue becomes a bigger problem.

Instagram sent notifications to the users who were affected by the vulnerability, so those who were not contacted should not worry about their account passwords being compromised. However, for all Instagram users who recently utilized the Download Your Data tool, changing your password or activating two-factor authentication would not hurt, just to be sure.

The newly exposed bug follows a strange Instagram hack in August that locked users out of the platform because their account information, particularly their password, mobile number, and email address, were changed. In several cases, the emails linked to the compromised accounts were changed to Russian emails. The accounts, however, did not share new images, nor did they delete old ones.

Instagram hacks come in several different forms, and users will need to perform specific actions to recover their Instagram accounts. Here is a guide on what to do if you suddenly find yourself a victim of Instagram hacks, so that you can get your account back.

Aaron Mamiit
Aaron received an NES and a copy of Super Mario Bros. for Christmas when he was four years old, and he has been fascinated…
Samsung Galaxy Z Flip 7: the upgrade we’ve been waiting for?
Thre Flip 7 models next to each other

I never really thought that I'd want to go down the route of owning a flip phone, ever since I swore off my Nokia in the early 2000s (you know, the one with the weird felt covering and tiny notification window).

Fast forward two decades, and I'm considering rejoining the race, thanks to the Samsung Galaxy Z Flip 7. Coming in at $1,100, it's not cheap, but it's definitely something different compared to the world of black rectangles, and it it feels like Samsung’s Flip family has finally come of age.

Read more
I used the Galaxy Z Fold 7, here’s why I’m completely smitten
The back of the Galaxy Z Fold 7

We’ve waited several years for Samsung to join the party, but it’s finally here: Samsung has followed rivals like Oppo, OnePlus, and Honor in building a thinner, lighter, and sleeker Galaxy Z Fold 7. It’s an impressive feat of engineering and a major upgrade over previous years.

It’s easy to consider the Fold 7 nothing more than an update to the Galaxy Z Fold 6, but in many ways, it feels like a huge step forward, not just for Samsung but for all folding phones. I spent a few hours with the Galaxy Z Fold 7 in an exclusive preview, and here’s why I absolutely love what Samsung has done this year.

Read more
I tried the Samsung Galaxy Watch 8 series – they’re sleek, but with a lot to prove
Watch 8 on a wrist

Trying out the Samsung Galaxy Watch 8 and Watch 8 Classic is a tough gig - not in terms of it being a hardship to try out two high-end models, but that it's impossible to assess them with only 30 minutes’ use.

I can easily talk about the improved design and the fit of the straps etc, but the real changes are within the health ecosystem, and they'll need sustained testing to really understand if they're any good.

Read more