The Information has just reported that Instagram has notified some users that their passwords may have been leaked due to security issues, according to The Information. A company spokesperson said the issue had been "discovered internally and affected a very small number of users".
Accordingly, the vulnerability of the departure password disclosure feature released by the company in April allowed users to download all their data, which was deployed after European lawmakers approved the General Data Protection Regulation (GDPR).
The vulnerability appears in the 'Detach save' feature, helping users to restore what they have shared on Instagram. But when using this feature, Instagram will send a link to Facebook, including both a username and password.
This is also a warning for users to take more solid security measures because even large apps like Instagram can have vulnerabilities right on the pre-implemented feature.
A security researcher said that this error can only occur when Instagram saves passwords in text, so this could be a huge security issue for the company. However, an Instagram spokesperson has denied that the company has steps to encrypt passwords safely.
Instagram said it has fixed the issue so that passwords won't be exposed and asked users to change their passwords as a preventative measure.
An Instagram spokesperson told The Verge that users' passwords have not been disclosed to anyone else and the company has taken changes to prevent the above situation from happening again.
