Instagram has been hit with a security bug that exposed some user’s passwords to public. According to The Information, the issue is linked to the tool that lets its users download a copy if their data.

The feature in question was introduced back in April after the roll out of General Data Protection Regulation (GDPR). The users who were affected by this feature were notified that their password was sent in plaintext in the URL. Also, for some reason, the passwords were also stored in Facebook’s servers, which, again, raises a lot of eyebrows.

A security researcher who spoke to The Information, noted that this was a part of the bigger problem that’s tied to the way Instagram handles user passwords. Instagram, however, disputed this and also noted that the issues was addressed, assuring that this won’t happen in the future.

This kind of a security issue is certainly not what Instagram wants on its plate given the fact it, and the parent company Facebook, hasn’t done much to win people’s confidence when it comes to how they handle sensitive user data, and how it shares the same with other companies.

As a precaution, I’d suggest you change your password immediately, even if it’s just to be safe. You can also safeguard your account by enabling two-factor authentication by following the steps given here. You can also use password managers to generate unique passwords.