An alert has been published by Instagram stating that a number of subscribers to the social media platform have had their password details exposed due a security leak.
Strangely, this breach took place due to a flaw in the ‘Download Your Data’ tool that Instagram included on the platform to allow users to obtain a copy of their own data. Instagram issued these users with their passwords in plain text. This feature was added in April in order to allow compliance with the European Union General Data Protection legislation which became enforceable on May 25 this year. The tool was added to the platform due to privacy concerns in the aftermath of Facebook’s Cambridge Analytica scandal.
The exposed passwords were also saved on Facebook’s servers due to the partnership between the social media platforms. However, they have since been deleted from these databases.
Instagram stated publicly, late last week, that it had changed the tool to address the flaw. The also promised users that they would be more cautious in relation to data privacy going forward. Facebook has also stated that Instagram has erased any logged passwords. It has also warned users to change their passwords and clear their browser’s history. On November 20 Instagram said, on Twitter: “We know some people are having trouble accessing Instagram right now. We know this is frustrating, and we’re working to resolve the issue as soon as possible.”
This is just the most recent in a long list of privacy violations that large multinational Internet and Social Media companies have had to manage in 2018. They include:
- Facebook Facing GDPR Audit over Audience Targeting Methods
- Facebook Says Around 50m Accounts Holders Have Privacy Violated in Cyber Attack
- Facebook Facing UK£500k Penalty for Pre-GDPR Data Breach
- Google+ to be Discontinued as Irish DPA Investigates GDPR Breach
- Tech Giants including Facebook and Google have to Answer GDPR Complaints
- Twitter Under Being Investigated by Irish DPA for Possible GDPR Violations
The consequences for beaches like this are quite significant. Fines can be up to €20m or 4% of annual global revenue – whichever figure is higher.