源之原味

instaguram 通过其数据下载工具不小心泄露了一些用户密码

 

抽象
The bug has since been fixed

这篇文章来自theverge.com。原文网址是: https://www.theverge.com/2018/11/17/18100235/instagram-security-bug-exposed-user-passwords-data-download-tool

以下内容由机器翻译生成。如果您觉得可读性不好, 请阅读原文或 点击这里.

Instagram has notified some of its users that their password might have been exposed due to a security bug, 根据 的信息 (通过 ). A spokesperson for the company says that the issue was “discovered internally and affected a very small number of people.”

In this instance, the bug was tied to a feature that the company rolled out in April that allows users to download all of their data, implemented after European lawmakers rolled out its General Data Protection Regulation (GDPR). According to Instagram, some users who used that feature had their passwords included in a URL in their web browser, and that the passwords were stored on Facebook’s servers, Instagram’s parent company. A security researcher told 的信息 that this would only be possible if Instagram stores its passwords in plain text, which could be a larger and concerning security issue for the company. An Instagram spokesperson disputed this, saying that the company hashes and salts its stored passwords.

Instagram says that it has since fixed the feature so that passwords won’t be exposed, and told users that they should change their passwords, as a precaution. In a statement to The Verge, an Instagram spokesperson says that “if someone submitted their login information to use the Instagram ‘Download Your Data’ tool, they were able to see their password information in the URL of the page. This information was not exposed to anyone else, and we have made changes so this no longer happens.”

Updated November 17, 3:30PM ET: Included information from Instagram spokesperson regarding password security.

Leave A Reply

Your email address will not be published.