Instagram GDPR Tool Exposes Subscriber Passwords

A warning has been issued by Instagram that a number of users of the social media platform have had their password details exposed by a security leak.

Ironically, this breach occurred due to a flaw in the ‘Download Your Data’ tool that Instagram added to the platform to allow users to download a copy of their own data. Instagram sent these users their passwords in plain text. This feature was implemented in April in order to ensure compliance with the European Union General Data Protection legislation which became enforceable on May 25 this year. The tool was developed due to privacy concerns in the aftermath of Facebook’s Cambridge Analytica scandal.

The exposed passwords were also stored on Facebook’s servers due to the partnership between the platforms. However, they have since been erased from these databases.

Instagram revealed, late last week, that it has amended the tool to address the issue. The also promised users that they would be more careful with data privacy going forward. Facebook has also confirmed that Instagram has deleted any logged passwords. It has also advised users to change their passwords and clear their browser’s history. On November 20 Instagram tweeted: “We know some people are having trouble accessing Instagram right now. We know this is frustrating, and we’re working to resolve the issue as soon as possible.”

This is just the latest in a long list of privacy breaches that large multinational Internet and Social Media companies have had to deal with in 2018. They include:

The ramifications for beaches like this are severe. Financial penalties can be as high as €20m or 4% of annual global revenue – whichever figure is higher.