Facebook has always been in news, be its new features, growing business or because of the man himself. The social-media platform has always managed to catch the top lines through its affirmative and productive news. But from past few months, actually for more than a year now, Facebook is in headlines for all negative reasons. Since the news of company’s data breach involving Cambridge Analytica broke, problems for Mark Zuckerberg don’t seem to end. Recently, Facebook owned Instagram reported a bug that exposed users’ password.
On 15th Nov’18, Instagram notified its users about the security glitch in ‘Download Your Data’ tool. To quote the statement of an Instagram spokesperson, the bug was “discovered internally and affected a very small number of people”. As per a report by The Information, the statement was released on 16th Nov’18. The reported flaw was that users’ password were being displayed in URL when they downloaded their data through the tool.
The ‘Download your Data’ feature was rolled out by the company in April month. The tool was introduced in order to implement the General Data Protection Regulation (GDPR) compliance by European law-makers. As per updates released by Instagram, the vulnerability has been fixed, yet the company has requested users to change their passwords for safety purpose. Agreeing with the updates by Instagram; Facebook also assured that Instagram has deleted any logged passwords.
As per Chet Wisniewski, principal research scientist at security firm Sophos, bugs like these occur when passwords were stored somewhere inside Instagram in plain text format. He further added that, if proper encryption techniques had been implemented, vulnerabilities like these would not have surfaced.
Instagram though reports that only few people were affected by the flaw and notifications were sent to all of them about the same. So those who didn’t receive any such notification by the company need not worry about their passwords. However, these users could have their credentials exposed had they used public networks or public devices. And if they use same passwords on other websites or apps, this issue could turn into a bigger problem.
Problems like these keep surfacing time-to-time and companies very swiftly solve them. Issues with these bugs are that we don’t expect such security flaws in databases, applications or networks of such big companies. An organization, be it big or small must always have security services at place. Cyber security companies like Kratikal provide end-to-end cyber security solutions. Focusing on all three aspects i.e., people, process and technology, of a firm’s security, Kratikal provides a complete suite of manual and automated VAPT services. Along with this, the company also provides security auditing services. Kratikal’s flagship product ThreatCop is an automated security attack simulator and awareness tool to automate the testing process providing real-time analysis of vulnerabilities. It also generates detailed reports regarding the product.