Instagram GDPR Tool Discloses Subscriber Passwords

November 24, 2018


A warning has been issued by Instagram that a number of users of the social media platform have had their password details disclosed by a safety leak.

Unluckily, this breach happened because of a fault in the ‘Download Your Data’ instrument that Instagram added to the platform to permit users to download a copy of their own data. Instagram delivered these users their passwords in plain text. This aspect was applied in April in order to make sure compliance with the EU General Data Protection legislation which became enforceable on May 25 this year. The instrument was developed because of secrecy concerns in the aftermath of Facebook’s Cambridge Analytica scandal.

The disclosed passwords were also saved on Facebook’s servers because of the partnership between the platforms. Nevertheless, they have since been removed from these databases.

Instagram disclosed, late last week, that it has modified the tool to tackle the issue. They also assured users that they would be more cautious with data secrecy going forward. Facebook has also verified that Instagram has removed any registered passwords. It has also suggested users modify their passwords and clear their browser’s record. On November 20 Instagram tweeted: “We know some folks are having a problem retrieving Instagram right now. We know this is annoying, and we’re working to settle the issue as soon as possible.”

This is just the latest in a long list of secrecy breaches that big international Internet and Social Media firms have had to cope with in 2018. They contain:

The consequences of beaches like this are harsh. Fiscal penalties can be as high as €20m or 4% of yearly international income – whichever figure is higher.