An Instagram security leak left some users’ passwords exposed, Engadget reports.
Instagram’s tool that allows users to download a copy of their own data sent these users their passwords in plain text.
These passwords were also stored on Facebook’s servers, although they have since been deleted.
An Instagram spokesperson said that only a “small number of people” were affected.
However, if these people were using a shared device or an insecure network, their account info was left wide open to being accessed by malicious parties.
Instagram has informed all users whose information was exposed by this bug.
Facebook, which owns Instagram, has come under increased scrutiny in recent months due to a string of security breaches.