Date:20/11/18
ANOTHER DAY, ANOTHER security breach at Facebook - although this time it's just the one billion Instagram users that need worry, rather than the two billion who get nervous every time Facebook's security hits the headlines.
Actually, in this case, it's far fewer than that. Instagram says that the bug was limited to "a small number of people," after it was discovered internally, and those affected have already been contacted. So if you haven't had an email, you're in the clear.
A report in The Intercept explains that the bug was an unfortunate consequence of the company's response to GDPR and data protection.
When Instagram created the option for users to download all their data, passwords were included as part of the URL before being stored on Facebook servers. While one security researcher told The Intercept that this would only be possible if passwords were stored in plain text - a massive security no no - an Instagram spokesperson denied this was the case, saying that all passwords were hashed and salted.
If that's true, then the only weak point would be if you'd happened to download your personal data on a shared computer or a compromised WiFi network, where URLs visited could be seen by others. As such, it's fair to take Instagram at its word about the small number of users affected: the chances of any given account being actually compromised this way is remarkably small.
All the same, if you do get the email, then change your login, and think about using a password manager if you don't already. If you use the same password everywhere, then it's only a matter of time before your master key is all over the internet for ne'er-do-wells to take advantage of.
Instagram’s GDPR tool exposes ‘a small number’ of user passwords
ANOTHER DAY, ANOTHER security breach at Facebook - although this time it's just the one billion Instagram users that need worry, rather than the two billion who get nervous every time Facebook's security hits the headlines.Actually, in this case, it's far fewer than that. Instagram says that the bug was limited to "a small number of people," after it was discovered internally, and those affected have already been contacted. So if you haven't had an email, you're in the clear.
A report in The Intercept explains that the bug was an unfortunate consequence of the company's response to GDPR and data protection.
When Instagram created the option for users to download all their data, passwords were included as part of the URL before being stored on Facebook servers. While one security researcher told The Intercept that this would only be possible if passwords were stored in plain text - a massive security no no - an Instagram spokesperson denied this was the case, saying that all passwords were hashed and salted.
If that's true, then the only weak point would be if you'd happened to download your personal data on a shared computer or a compromised WiFi network, where URLs visited could be seen by others. As such, it's fair to take Instagram at its word about the small number of users affected: the chances of any given account being actually compromised this way is remarkably small.
All the same, if you do get the email, then change your login, and think about using a password manager if you don't already. If you use the same password everywhere, then it's only a matter of time before your master key is all over the internet for ne'er-do-wells to take advantage of.
Views: 434
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
