The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
Instagram is notifying users affected by the accidental exposure of plaintext passwords via its Download Your Data tool, which was ironically intended to preserve their privacy.
Download Your Data, a new feature introduced earlier this year, gives account holders a way to view all the information Instagram has: photos and videos shared, comments, and profile information, for example. The tool was developed amid privacy concerns following Facebook's Cambridge Analytica scandal and the rollout of General Data Privacy Regulation in Europe.
Unfortunately, Download Your Data may have exposed users' passwords, The Information reports. For a short period of time, users who logged in to the tool could see their password in the page's URL. The password was only exposed to the user but was stored on Facebook's servers – a problem for anyone on a shared machine or compromised network, Fortune notes.
Instagram has fixed the bug and has deleted saved passwords. Read more details here.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024