New Instagram Bug Exposed Users’ Passwords

Facebook has always been in the news, whether for its new features, its growing business or the man himself. The social-media platform has always managed to make the headlines with positive and productive news. But for the past few months, in fact for more than a year now, Facebook has been in the headlines for all the wrong reasons. Since the news of the company’s data breach involving Cambridge Analytica broke, problems for Mark Zuckerberg don’t seem to end. Recently, Facebook-owned Instagram reported a bug that exposed users’ passwords.

On 15th Nov’18, Instagram notified its users about a security glitch in the ‘Download Your Data’ tool. According to an Instagram spokesperson, the bug was “discovered internally and affected a very small number of people”. As per a report by The Information, the statement was released on 16th Nov’18. The reported flaw was that a user’s password was displayed in the URL when they downloaded their data through the tool.

The ‘Download Your Data’ feature was rolled out by the company in April. The tool was introduced to comply with the General Data Protection Regulation (GDPR) set by European lawmakers. According to updates released by Instagram, the vulnerability has been fixed, yet the company has asked users to change their passwords for safety. In line with Instagram’s updates, Facebook also assured that Instagram has deleted any logged passwords.

According to Chet Wisniewski, a principal research scientist at security firm Sophos, bugs like these occur when passwords are stored somewhere inside Instagram in plain text. He added that if proper encryption techniques had been implemented, vulnerabilities like these would not have surfaced.

Instagram, though, reports that only a few people were affected by the flaw and that notifications were sent to all of them. So those who didn’t receive any such notification from the company need not worry about their passwords. However, these users could have had their credentials exposed if they had used public networks or public devices. And if they use the same passwords on other websites or apps, this issue could turn into a bigger problem.
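The flaw described above put a password into a URL, and URLs are routinely written to web server logs and browser history, which is why logged passwords had to be deleted. As an added example (not Instagram's code; the parameter names, paths and log lines are constructed assumptions), this Python script finds and redacts credential-bearing query strings in access-log lines:

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the page does not say how the password appeared in the URL.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass"}

# Request line inside an access-log entry: "METHOD /path?query HTTP/x"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_url(target):
    """Return (redacted_target, names_of_redacted_params)."""
    parts = urlsplit(target)
    hits, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS and value:
            hits.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not hits:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), hits

def scrub_log(lines):
    """Redact credential-bearing query strings; return (clean_lines, findings)."""
    clean, findings = [], []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            redacted, hits = redact_url(m.group("target"))
            if hits:
                findings.append((lineno, hits))
                line = line[:m.start("target")] + redacted + line[m.end("target"):]
        clean.append(line)
    return clean, findings

# Constructed sample log lines (not real Instagram traffic or endpoints).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Nov/2018:10:01:02 +0000] "GET /export/start?user=alice&password=Tr0ub4dor%263 HTTP/1.1" 200 512',
    '203.0.113.9 - - [15/Nov/2018:10:01:05 +0000] "GET /export/status?user=bob HTTP/1.1" 200 128',
    '203.0.113.7 - - [15/Nov/2018:10:02:11 +0000] "POST /login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    cleaned, found = scrub_log(SAMPLE_LOG)
    for entry in cleaned:
        print(entry)
    print("lines with credentials in URL:", found)
```

The findings list gives the line numbers to review, so any account whose password reached a log can be flagged for a forced reset.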

Problems like these keep surfacing from time to time, and companies solve them very swiftly. The issue with such bugs is that we don’t expect security flaws like these in the databases, applications or networks of such big companies. An organization, be it big or small, must always have security services in place. Cybersecurity companies like Kratikal provide end-to-end cyber security solutions. Focusing on all three aspects of a firm’s security, i.e., people, process and technology, Kratikal provides a complete suite of manual and automated VAPT services. Along with this, the company also provides security auditing services. Kratikal’s flagship product ThreatCop is an automated security attack simulator and awareness tool that automates the testing process and provides real-time analysis of vulnerabilities. It also generates detailed reports regarding the product.