Tuesday, February 11, 2025
HomeCyber Security NewsInstagram Critical Bug Leaked User's Password Via its Data Download Tool

Instagram Critical Bug Leaked User’s Password Via its Data Download Tool

Published on

SIEM as a Service

Follow Us on Google News

Instagram introduced Download Your Data option last April, to let the user’s know what are the data collected. The feature was implemented in Instagram for GDPR compliance.

The bug was found in the Download Your Data tool, if the user uses the tool to download the data then it will be sent their password as a plain text in the URL and the passwords are stored on the Facebook servers.

A security researcher told Verge, “the Information that this would only be possible if Instagram stores its passwords in plain text, which could be a larger and concerning security issue for the company. An Instagram spokesperson disputed this, saying that the company hashes and salts its stored passwords.”

Instagram

An Instagram spokesperson said the issue only affected a smaller number of users and the users are notified to change the login credentials. If the tool was used in public network or in a shared computer it will pose some serious risks.

Now the Facebook-owned firm fixed the issue and told user’s to reset their login credentials, also the Instagram spokesperson confirmed information was not exposed to anyone else, and we have made changes so this no longer happens. The news was reported by The Information.

Recently facebook owned experienced a security breach, hackers steal more than 50 million accounts access tokens by exploiting a bug in “View As” a feature.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack

Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24200, that has...

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack

Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24200, that has...

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...