Uncategorized

Instagram Critical Bug Leaked User’s Password Via its Data Download Tool

Instagram introduced Download Your Data option last April, to let the user’s know what are the data collected. The feature was implemented in Instagram for GDPR compliance.

The bug was found in the Download Your Data tool, if the user uses the tool to download the data then it will be sent their password as a plain text in the URL and the passwords are stored on the Facebook servers.

A security researcher told Verge, “the Information that this would only be possible if Instagram stores its passwords in plain text, which could be a larger and concerning security issue for the company. An Instagram spokesperson disputed this, saying that the company hashes and salts its stored passwords.”

An Instagram spokesperson said the issue only affected a smaller number of users and the users are notified to change the login credentials. If the tool was used in public network or in a shared computer it will pose some serious risks.

Now the Facebook-owned firm fixed the issue and told user’s to reset their login credentials, also the Instagram spokesperson confirmed information was not exposed to anyone else, and we have made changes so this no longer happens. The news was reported by The Information.

Recently facebook owned experienced a security breach, hackers steal more than 50 million accounts access tokens by exploiting a bug in “View As” a feature.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of…

4 minutes ago

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

16 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

16 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

19 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

22 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

23 hours ago