{"id":84526,"date":"2018-12-04T09:28:16","date_gmt":"2018-12-04T17:28:16","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=84526"},"modified":"2019-05-03T20:01:14","modified_gmt":"2019-05-04T03:01:14","slug":"did-instagram-leak-your-password","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/","title":{"rendered":"Did Instagram leak your password?"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-84535\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-600x300.png\" alt=\"Instagram password leak security 600x300\" width=\"600\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-600x300.png 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-600x300-150x75.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-600x300-300x150.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Back in April, Instagram introduced a data export feature to comply with the General Data Protection Regulation (GDPR), a regulation in European Union law intended to protect citizens&#8217; privacy.<\/p>\n<p>But, in an ironic twist, the way in which Instagram implemented its data export feature inadvertently leaked some users&#8217; passwords. The Facebook subsidiary\u00a0notified affected users via e-mail in November.<\/p>\n<h3>What Happened?<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-medium wp-image-84532\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-300x300.png\" alt=\"Downloads folder icon, macOS\" width=\"200\" height=\"200\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-300x300.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-768x768.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-657x657.png 657w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Downloads-folder-icon-macOS.png 1024w\" sizes=\"(max-width: 200px) 100vw, 200px\" \/><\/p>\n<p>Instagram&#8217;s &#8220;Download Your Data&#8221; feature worked correctly if a user clicked on the Submit button after entering their password.<\/p>\n<p>However, if the user had instead pressed the Return or Enter key to submit their password, the site reportedly put the user&#8217;s password in plaintext in the URL of the resulting page. That&#8217;s a bad thing, because it means that in some very specific circumstances, it may have been possible for unauthorized parties to discover affected users&#8217; passwords.<\/p>\n<p>Instagram has since fixed the bug, so it&#8217;s safe to use the Download Your Data feature now.<\/p>\n<h3>Who Had Access to\u00a0Leaked Passwords?<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-medium wp-image-23044\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2014\/03\/sharing-passwords-300x187.jpg\" alt=\"Guy with magnifying glass peeping at passwords\" width=\"300\" height=\"187\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2014\/03\/sharing-passwords-300x187.jpg 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2014\/03\/sharing-passwords-150x93.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2014\/03\/sharing-passwords.jpg 600w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Instagram&#8217;s server logs unintentionally collected these passwords in plaintext, so the company is reportedly deleting any passwords found in those logs.<\/p>\n<p>Neither Instagram nor its parent company Facebook have responded to our inquiries about who may have had access to the affected logs or whether the log sanitization has been completed.<\/p>\n<p>Historically it was much worse for a password to be found in a URL because it meant that any &#8220;man in the middle&#8221; (anyone in between your browser and the server to which\u00a0you are connecting) could see the complete address. But now that most sites use HTTPS, only the domains\u2014for example, instagram.com\u2014are visible to in-between parties, not the full URLs.<\/p>\n<p>Well, at least that&#8217;s true in most cases. If you or someone with access to your device has installed a special root certificate authority and configured your system to always trust it, then a man in the middle (MITM) who possesses the matching private key could even potentially see complete HTTPS URLs you&#8217;ve accessed.<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-74239\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MaMi-root-CA-cropped.png\" alt=\"\" width=\"770\" height=\"643\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MaMi-root-CA-cropped.png 770w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MaMi-root-CA-cropped-150x125.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MaMi-root-CA-cropped-300x251.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MaMi-root-CA-cropped-768x641.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MaMi-root-CA-cropped-657x549.png 657w\" sizes=\"(max-width: 770px) 100vw, 770px\" \/><\/p>\n<p style=\"text-align: center;\">Example of an explicitly trusted, non-default root CA<\/p>\n<p>The practice of leveraging an MITM certificate is common on enterprise or school networks for the purposes of monitoring employee or student activity. If a victim of the Instagram bug had such a certificate installed, then it&#8217;s possible that their password may have been stored in plaintext in their organization&#8217;s Web filter logs too.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-74242\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MITM-Diagram.png\" alt=\"Malware Man in the Middle (MITM) Attack Diagram\" width=\"336\" height=\"293\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MITM-Diagram.png 336w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MITM-Diagram-150x131.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/01\/MITM-Diagram-300x262.png 300w\" sizes=\"(max-width: 336px) 100vw, 336px\" \/><br \/>\nMalware like <a href=\"https:\/\/www.intego.com\/mac-security-blog\/ay-mami-new-dns-hijacking-mac-malware-discovered\/\" target=\"_blank\" rel=\"noopener\">OSX\/MaMi<\/a> can also engage in MITM attacks.<\/p>\n<p>Of course, anyone with direct access to a victim&#8217;s device could also search the browser history to look for Instagram URLs that may contain a password. If you were unfortunate enough to have used a publicly shared computer to download your Instagram data, anyone who used the computer after you could have\u00a0gotten your password unless you remembered to delete your browsing data. (For this and a plethora of other reasons, users should avoid logging into any accounts\u00a0when using public kiosks at\u00a0places like hotels, libraries, labs or Internet caf\u00e9s.)<\/p>\n<h3>How Many Users Were Affected?<\/h3>\n<p>An Instagram spokesperson has stated that &#8220;a very small number of people&#8221; were affected by the bug, which was &#8220;discovered internally&#8221;\u2014in other words, not\u00a0reported to Instagram by a third party. Thus it\u00a0seems plausible that very few people outside of Instagram were aware of the bug until after\u00a0Instagram&#8217;s\u00a0disclosure to affected users.<\/p>\n<h3>What To Do If You Might Have Been Affected<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-medium wp-image-84544\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Change-Your-Passwords-girl-holding-sign-280x300.png\" alt=\"Change Your Password girl holding sign, based on https:\/\/en.wikipedia.org\/wiki\/File:Wikipe-tan_holding_sign_cropped.png\" width=\"233\" height=\"250\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Change-Your-Passwords-girl-holding-sign-280x300.png 280w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Change-Your-Passwords-girl-holding-sign-140x150.png 140w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Change-Your-Passwords-girl-holding-sign-657x703.png 657w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Change-Your-Passwords-girl-holding-sign.png 718w\" sizes=\"(max-width: 233px) 100vw, 233px\" \/>If you&#8217;re not sure whether your Instagram account was\u00a0affected, check your e-mail; you should have received notification from Instagram around November 15. If you didn&#8217;t receive an e-mail but you did use the data export feature before that date, it wouldn&#8217;t hurt to change your Instagram password and delete your browser history just to be safe. If you&#8217;ve used the same password on other sites, you&#8217;ll want to change\u00a0your password\u00a0elsewhere too and avoid reusing passwords across multiple sites in the future.<\/p>\n<h3>How\u00a0Can I Learn More?<\/h3>\n<p><a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-71818\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png\" alt=\"\" width=\"50\" height=\"50\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png 300w\" sizes=\"(max-width: 50px) 100vw, 50px\" \/><\/a>We discussed this topic on <a href=\"http:\/\/podcast.intego.com\/59\" target=\"_blank\" rel=\"noopener\">episode 59<\/a>\u00a0of the <strong>Intego Mac Podcast<\/strong>. Each week we\u00a0bring you engaging discussion of\u00a0the latest Apple security news, so be sure to <a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\">subscribe<\/a> to the podcast to ensure you don&#8217;t miss any episodes. You&#8217;ll also want to subscribe to our <strong>e-mail newsletter<\/strong> and keep an eye here on <strong>The Mac Security Blog<\/strong> for updates.<\/p>\n<p>For a few additional details on this Instagram bug, you can refer to articles by <a href=\"https:\/\/www.theinformation.com\/articles\/new-instagram-bug-raises-security-questions\" target=\"_blank\" rel=\"noopener\">Sarah Kuranda and Reed Albergotti<\/a> and <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/11\/20\/instagram-accidentally-reveals-plaintext-passwords-in-urls\/\" target=\"_blank\" rel=\"noopener\">Lisa Vaas<\/a>.<\/p>\n<p><span style=\"font-size: x-small;\">CloudGuard root CA screenshot credit: <a href=\"https:\/\/objective-see.com\/blog\/blog_0x26.html\" target=\"_blank\" rel=\"noopener\">Patrick Wardle<\/a>. Man in the middle diagram image credit:\u00a0<a href=\"https:\/\/commons.wikimedia.org\/wiki\/File:MITM_Diagramm.png\" target=\"_blank\" rel=\"noopener\">Nasanbuyn<\/a>\u00a0(<a href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/\" target=\"_blank\" rel=\"noopener\">CC BY-SA 4.0<\/a>) and <a href=\"https:\/\/store.storeimages.cdn-apple.com\/4974\/as-images.apple.com\/is\/image\/AppleInc\/aos\/published\/images\/r\/ef\/refurb\/2017\/refurb-2017-imac-215-retina-gallery?wid=1144&amp;hei=1144&amp;fmt=jpeg&amp;qlt=95&amp;op_sharpen=0&amp;resMode=bicub&amp;op_usm=0.5%2C0.5%2C0%2C0&amp;iccEmbed=0&amp;layer=comp&amp;.v=1499116835523\" target=\"_blank\" rel=\"noopener\">Apple<\/a>;\u00a0modified by\u00a0Joshua Long. Girl holding CHANGE YOUR PASSWORD sign based on\u00a0image by\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/File:Wikipe-tan_holding_sign_cropped.png\" target=\"_blank\" rel=\"noopener\">Kasuga~enwiki<\/a>\u00a0(<a href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/3.0\/\" target=\"_blank\" rel=\"noopener\">CC BY-SA 3.0<\/a>).<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Back in April, Instagram introduced a data export feature to comply with the General Data Protection Regulation (GDPR), a regulation in European Union law intended to protect citizens&#8217; privacy. But, in an ironic twist, the way in which Instagram implemented its data export feature inadvertently leaked some users&#8217; passwords. The Facebook subsidiary\u00a0notified affected users via [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":84541,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[43,53,1834,96,106],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Back in April, Instagram introduced a data export feature to comply with the General Data Protection Regulation (GDPR), a regulation in European Union law\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Did Instagram leak your password? - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Back in April, Instagram introduced a data export feature to comply with the General Data Protection Regulation (GDPR), a regulation in European Union law\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-04T17:28:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-05-04T03:01:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png\",\"width\":400,\"height\":260,\"caption\":\"Instagram password leak Enter key security issue\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/\",\"name\":\"Did Instagram leak your password? - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#primaryimage\"},\"datePublished\":\"2018-12-04T17:28:16+00:00\",\"dateModified\":\"2019-05-04T03:01:14+00:00\",\"description\":\"Back in April, Instagram introduced a data export feature to comply with the General Data Protection Regulation (GDPR), a regulation in European Union law\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Did Instagram leak your password?\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"Did Instagram leak your password?\",\"datePublished\":\"2018-12-04T17:28:16+00:00\",\"dateModified\":\"2019-05-04T03:01:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#webpage\"},\"wordCount\":776,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png\",\"keywords\":[\"Data Breach\",\"Facebook\",\"Instagram\",\"Passwords\",\"Privacy\"],\"articleSection\":[\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Back in April, Instagram introduced a data export feature to comply with the General Data Protection Regulation (GDPR), a regulation in European Union law","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/","og_locale":"en_US","og_type":"article","og_title":"Did Instagram leak your password? - The Mac Security Blog","og_description":"Back in April, Instagram introduced a data export feature to comply with the General Data Protection Regulation (GDPR), a regulation in European Union law","og_url":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2018-12-04T17:28:16+00:00","article_modified_time":"2019-05-04T03:01:14+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png","width":400,"height":260,"caption":"Instagram password leak Enter key security issue"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/","name":"Did Instagram leak your password? - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#primaryimage"},"datePublished":"2018-12-04T17:28:16+00:00","dateModified":"2019-05-04T03:01:14+00:00","description":"Back in April, Instagram introduced a data export feature to comply with the General Data Protection Regulation (GDPR), a regulation in European Union law","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Did Instagram leak your password?"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"Did Instagram leak your password?","datePublished":"2018-12-04T17:28:16+00:00","dateModified":"2019-05-04T03:01:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#webpage"},"wordCount":776,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png","keywords":["Data Breach","Facebook","Instagram","Passwords","Privacy"],"articleSection":["Security &amp; Privacy"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/did-instagram-leak-your-password\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Instagram-password-leak-security-400x260.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-lZk","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/84526"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=84526"}],"version-history":[{"count":8,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/84526\/revisions"}],"predecessor-version":[{"id":87052,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/84526\/revisions\/87052"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/84541"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=84526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=84526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=84526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}