Instagram has notified some of its users that their password might have been revealed to the public due to a bug present in one of the app’s features.
The bug was found in the tool which allowed the users to download their own data from the social network – if the feature was used, their password was included in plaintext in the URL and these passwords were then stored on the Facebook servers as well.
Apparently, only a small number of users were affected by the issue and the bug was fixed almost as soon as Instagram caught on to it. All the affected users have been notified and advised to change their password, in addition to clearing their browser history.
Even so, users are still advised to enable two-factor authentication.