ANOTHER DAY, ANOTHER security breach at Facebook - although this time it's just the one billion Instagram users that need worry, rather than the two billion who get nervous every time Facebook's security hits the headlines.
Actually, in this case, it's far fewer than that. Instagram says that the bug was limited to "a small number of people," after it was discovered internally, and those affected have already been contacted. So if you haven't had an email, you're in the clear.
A report in The Intercept explains that the bug was an unfortunate consequence of the company's response to GDPR and data protection.
When Instagram created the option for users to download all their data, passwords were included as part of the URL before being stored on Facebook servers. While one security researcher told The Intercept that this would only be possible if passwords were stored in plain text - a massive security no no - an Instagram spokesperson denied this was the case, saying that all passwords were hashed and salted.
If that's true, then the only weak point would be if you'd happened to download your personal data on a shared computer or a compromised WiFi network, where URLs visited could be seen by others. As such, it's fair to take Instagram at its word about the small number of users affected: the chances of any given account being actually compromised this way is remarkably small.
All the same, if you do get the email, then change your login, and think about using a password manager if you don't already. If you use the same password everywhere, then it's only a matter of time before your master key is all over the internet for ne'er-do-wells to take advantage of. µ
Epyc performance potential, but Rome wan't build in a day
Patch? Patchy more like
Slurped surveillance info includes location data and social groups