Instagram has notified some of its users that their passwords may have been compromised due to a security bug, according to information (via Engadget). A spokesman for the company says that the issue was "detected internally and affected a very small number of people."
In this case, the bug was linked to a function that the company rolled out in April, enabling users to download all their data, implemented after European legislators have rolled out their General Data Descriptive Regulation (GDPR). According to Instagram, some users who used that feature had their password included in a browser URL and that the passwords were stored on Facebook's servers, Instagram's parent company. A security scientist told information that this would only be possible if Instagram stores its passwords in plain text, which could be a major and concern for the company's security issues. An Instagram spokesman contests this saying that the company is hacking and salting its stored passwords.
Instagram says that it has then fixed the feature so that passwords will not be exposed and tell users to change their passwords as a precaution. In a statement to The Verge, an Instagram spokesman states that "if someone left the login information to use the Instagram" Download Your Data "tool, they could see their password information in the URL of the page. This information was not exposed to anyone else and we have done changes so this no longer happens. "
Updated November 17, 3:30 ET: Includes information from Instagram spokesman regarding password protection.