Facebook really can’t keep their act (or a stronger word) together, whether it’s with their own app or one of their properties. The “culprit” this time is Instagram as the photo and video sharing social network disclosed that a bug in their download tool has inadvertently exposed some of their users’ passwords as plaintext and were temporarily stored on their servers. While they were able to fix this problem already, the damage, at least to their reputation, has already been done.
A spokesperson from Instagram confirmed that their download tool, which lets users download all of their data, was affected by a bug which let their password be seen on a plaintext file. They clarified though that it only affected “a very small number of people”. As soon as they detected the bug, they were able to fix it so that the downloadable file did not reflect the password anymore.
They also clarified that all the password data of users are hashed and any of the information that was saved on Facebook’s servers because of the bug have already been deleted. And they also assured users that if you were affected, you were the only one who could see it technically, unless other people downloaded it for you. But of course that is still not reassuring enough especially for those who used the tool in a public WiFi or on a shared computer.
If you were one of those that were affected, you probably received an email from Facebook / Instagram, advising you to change your password. And even if you were the only one who saw the downloaded file, it would still be a good idea to just change your password. You can also enable two-factor authentication if you use Instagram on multiple devices, just to add another level of security.
It’s things like this that is making people wary of “trusting” Facebook again, as scandal after scandal and bug after bug has been affecting it and its other properties. While Instagram is relatively more well-liked than its parent app, this latest development may have tarnished its reputation a bit.
VIA: The Information