Sunday , November 29 2020

Instagram: Bug reveals users' password in plain text



The hole is the tool to download your own Instagram data. It does not enter the password into the download, unencrypted link. In addition, Instagram accidentally stores user passwords on the Facebook servers.

Instagram has closed critical data. This is obvious from an email the company has sent to its users from last Thursday. According to Instagram users, their passwords have been made publicly in recent times by mistake.

Instagram (Image: Instagram)The error, according to The Information, lies in the tool that allows users to download all their data that has been stored on Instagram. It is intended that the tool also meets the Instagram obligation to provide information to its users in accordance with the Data Protection Regulation.

Users who want to download their data will receive an e-mail link. When it is opened in the browser, the previously created Instagram data will be downloaded. According to Instagram, however, the URL contained the user's password, which is visible to all in plain text. Therefore, a third party that had access to the browsing history had an opportunity to see the password.

According to the company, consumer passwords that have requested their data were unintentionally applied to servers Facebook store. Both problems were observed internally and it would have affected only a very small number of users, so Instagram further.

According to the report, experts now suspect Instagram security standards. For example, a Chet Wisniewski security researcher from Sophos explains that an unrecognized password can only appear in an Instagram-generated URL, even if it has stored unsubscribe somewhere on Instagram server. "This is a major concern for other security practices on Instagram, because that should not be possible. If that happens, there are likely to be more problems," The Information is quote the security researcher.

According to the Instagram mother of Facebook, the error has been installed. Instagram advises the affected ones not only to change their password, but also to erase the browser's history – because the URL with the plain text password must be available there.


Source link