A tool from Instagram was insecure and transmitted some passwords without encryption. A bug corrected today, but which does not reassure.
Instagram is one of the most popular social networks of the moment. Owned by Facebook, the app regularly improves with new features, sometimes inspired by Snapchat.
But the application also offers new features of its own, such as the downloading of content from its account by a user, a functionality deployed last April and allowing a user to create an archive of his content posted online. Unfortunately, this included a serious security flaw.
An annoying bug
Indeed, according to The Information, users who took advantage of this feature saw their password broadcast in plain text directly in the browser's URL. Worse still, the password in question was also copied to Facebook's servers, again without encryption.
This bug is all the more problematic for those who have used this feature on an open WiFi network or a public computer, which are not very secure. There is nothing to confirm, however, that accounts have been hacked because of this security flaw.
An Instagram spokesperson confirmed to The Information that this issue has only impacted a "small number of people" and that all have received an email warning them of the potential danger, inviting them to change their password. past. In addition, the flaw has been fixed and the passwords stored in the clear in Facebook's database have been deleted.
How to secure your smartphone
9 rules to follow to secure your Android smartphone (and iPhone)
Remember that it is important to set different passwords on your different accounts to prevent such a flaw from allowing malicious souls to access very sensitive data. We also recommend using a password manager to create strong passwords and make them easier to use.The 4 best free and paid password managers
There are excellent password managers that allow you to keep all of your passwords used on the Internet in one place so you don't have to remember them. Here is…