Security Gap Found in Facebook-Owned Company
Instagram, a social media company owned by Facebook, recently implemented a tool in their platform allowing users to download a copy of all the data Instagram has stored in their account, including pictures, account profile information, and comments. This feature was deployed in an attempt to accommodate the upcoming UK Data Protection Bill. The only caveat was, users needed to submit their password before Instagram would share the file. That seems reasonable, considering their getting an entire file of every piece of data the social media network has in affiliation to the user’s account.
But there was a problem.
When users would submit their password, it would be sent to the designated URL in plain text. Meaning, if the internet connection was insecure, or the user was sharing a device, their password could have easily been intercepted. Fortunately, the problem has now been fixed. Instagram reported the problem only impacted a “small number” of people, all of which have been notified.
The bigger issue is, this is yet another security issue tied to the Facebook brand. It’s uncertain how many more security breaches they can handle before users start logging out for good.