DIY Photography


A major Instagram security bug leaked users’ passwords as plain text

Mar 22, 2019 by John Aldred

According to a report on The Information, Instagram has experienced a pretty major security bug which allowed user passwords to be displayed in plain text. The issue arose, ironically, in the feature which allows users to see exactly what personal data Instagram has collected about them. Yes, thanks to the bug, the “Download your data” feature could potentially let anybody download your data if you accessed the feature on a public computer.

The Download your Data feature was introduced last April in order to comply with new European data privacy regulations (the GDPR), as well as to retain users around the world, who have become more and more security and privacy conscious since the Facebook revelations of the last couple of years.

The confirmation from Instagram that you have requested to download your personal data.

The Download your Data feature, as the name suggests, allows you to download all the information Instagram has on you. Essentially, you submit your request, all your data is packaged up, and a link is emailed to you. The problem was that, after you submitted the form, your password was shown in plain text in the URL of the next page. This means that if you used the feature on a public computer, or if anybody had access to your personal computer after you made the request, they would be able to pull up the browser history and see your Instagram password right there.
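A password that ends up in a URL is also written to browser history, proxy logs and server access logs. The following added example (not code from Instagram or from the original article) shows how a defender might scan a list of visited URLs for credential-like parameters and redact them; the host `app.example.com`, the parameter names and the sample history are all constructed assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed list of credential-like parameter names; extend it for your own application.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "pass", "token", "secret"}

def _scrub(component):
    """Redact sensitive values in a key=value&key=value component (query or fragment)."""
    pairs = parse_qsl(component, keep_blank_values=True)
    hits = [k for k, _ in pairs if k.lower() in SENSITIVE_KEYS]
    cleaned = [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v) for k, v in pairs]
    return urlencode(cleaned), hits

def redact_url(url):
    """Return (safe_url, leaked_parameter_names) for a single URL."""
    parts = urlsplit(url)
    query, q_hits = _scrub(parts.query)
    fragment, f_hits = _scrub(parts.fragment)
    if not (q_hits or f_hits):
        return url, []  # nothing sensitive: leave the URL byte-for-byte unchanged
    safe = urlunsplit((parts.scheme, parts.netloc, parts.path,
                       query if q_hits else parts.query,
                       fragment if f_hits else parts.fragment))
    return safe, q_hits + f_hits

def find_leaks(history):
    """Keep only the entries that carried a credential, already redacted for reporting."""
    results = (redact_url(u) for u in history)
    return [(safe, hits) for safe, hits in results if hits]

# Constructed sample of browser-history entries (not real Instagram URLs).
HISTORY = [
    "https://app.example.com/home?tab=photos",
    "https://app.example.com/data/confirm?user=alice&password=hunter2",
    "https://app.example.com/cb#Token=abc123&state=xyz",
]

if __name__ == "__main__":
    for safe, hits in find_leaks(HISTORY):
        print(f"credential in URL ({', '.join(hits)}): {safe}")
```

The fix on the application side is to send the password only in the body of a POST request and never echo it into a redirect or the next page's address.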

As the headline on The Information says, this “raises security questions”. The biggest of which is “What the hell is anybody doing storing plain text passwords these days?!!?”. Such an incident should never be allowed to occur in the first place.

Most websites on the Internet today use some form of one-way hashing, often loosely called one-way encryption. When you create your password, it is “salted” (some other data is attached to the beginning and/or end of it) and then run through a one-way function whose output can’t be reversed to recover the password. The resulting hash is then stored in the database. When you come back to the website and enter your password in the future, it, too, is salted and hashed, and the result is compared to the hash stored in the database.

Your plain text password is never stored, anywhere. This is why most websites today are unable to just send you your password and instead send you a new one. It’s why tech support places can’t see your password and why companies say you should never give it out to anybody, even them.
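The salt, hash, store and compare cycle described above can be sketched with Python's standard library. This is an added example, not Instagram's or Facebook's code: it uses PBKDF2-HMAC-SHA256 (a deliberately slow salted hash) rather than plain concatenation, and the record format and iteration count are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this demo; tune it for your hardware

def make_record(password: str) -> str:
    """Create the string a site would store in place of the password."""
    salt = os.urandom(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Hypothetical record layout: scheme$iterations$salt$hash
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def check_password(password: str, record: str) -> bool:
    """Re-salt and re-hash the login attempt, then compare it to the stored hash."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    alice = make_record("correct horse")
    bob = make_record("correct horse")
    print(alice != bob)                            # same password, different salts
    print(check_password("correct horse", alice))  # right password verifies
    print(check_password("wrong horse", alice))    # wrong password is rejected
```

Because only the salt and the hash are stored, the site has nothing it could display or email back, which is why a password appearing in a URL points to a handling problem somewhere else in the request flow.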

If Facebook is using plain text passwords on any part of its platform or services then that is a huge security issue.

Facebook sent out a message to some Instagram users informing them of the issue and they have since changed the way the Download Your Data tool works to eliminate the bug, but Instagram users have been told to update their passwords and clear their browsing history.

They haven’t said how many users this potentially affects, but the bug was initially reported on in November 2018. While this is an older bug, if you’ve used the Download Your Data feature at all since it was introduced last April, I’d probably follow that advice if I were you. And it serves as a reminder to constantly be aware of security issues and not use the same password on multiple sites.

[via DPReview]


Filed Under: news Tagged With: Instagram


About John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.
