Instagram passwords of some users could have been exposed by a serious security leak. As per a report from The Information, the bug was tied to Instagram’s “Download Your Data” tool that it introduced in April this year in wake of the European Union’s General Data Protection Regulation (GDPR), which came into effect from May 25.
A spokesperson from the company has confirmed the leak and said in a statement to The Information (via The Verge) that only a “small number of people” have been impacted. The company has confirmed to The Verge that this information was not exposed to anyone else. The Facebook-owned company has apparently informed users whose passwords were leaked and those who have not been informed remain unaffected.
As per the company, passwords of some users who used the “Downloaded Your Data” feature were included in a URL in their web browser. These passwords were saved on Facebook’s servers. Instagram has reportedly fixed the feature, but has advised users to change their passwords as a precautionary measure.
Instagram is one of the largest social media platforms with close to 700 million users globally. This is not the first time that Instagram has suffered a security leak, compromising personal data of its users. In September this year, the company discovered a bug that could be used to gain access to users’ email addresses and phone numbers.
According to a blog post by Mike Krieger, co-founder and CTO, Instagram, even phone numbers and email addresses of those who’d made the information private could have been stolen.