Instagram has displayed user passwords in a URL in a web browser after a bug was found within the 'Download Your Data' feature the company rolled out in April. The issue has now been fixed, but Instagram has said users should change their passwords as a precaution.
The bug came as part of an update that allowed users to download all of their data which was rolled out after the implementation of General Data Protection Regulation (GDPR) by European law-makers. Some users who used this feature had the passwords to their Instagram accounts displayed in a URL in their web browser.
Bugs like this happen from time to time and companies are usually very swift in correcting the issue. The larger issue is that this bug would only be possible if passwords were stored as plain text, which is a large security concern for many people as we would expect a database held by Facebook to have some level of encryption.
Instagram told The Verge that while some users who used the 'Download Your Data' tool had their passwords displayed in the URL, this would only have been visible to them and the problem has now been corrected. Once again, they recommend that if you have used this tool, changing your password just to be safe would be a wise course of action.