Facebook-owned Instagram has discovered a security flaw within the service exposing users passwords. A spokesperson from the company told The Information that the issue was discovered internally and affected a very small number of people’.
The flaw was spotted in the ‘Download Your Data’ too, which was developed to comply with the EU GDPR regulations. For some users, it could have included their password in the URL of the link they’ve been sent to, um, download their data. If they were on a shared computer, that link would have exposed their password to people using it after them.
It’s strange to learn Instagram storing passwords in plain text which is deemed a bad practice, very bad to say the least. This one editor here has just requested his data and is waiting to see the URL.