Instagram has come forward to users informing them that as a result of a security flaw their passwords could have been exposed. An Instagram spokesperson has said that the issue was 'discovered internally and affected a very small number of people'.
The security flaw lies in the 'Download Your Data' tool, which was devised to comply with the EU GDPR regulations. For some users it could have included their password in the URL of the link they've been sent to, um, download their data. If they were on a shared computer, that link would have exposed their password to people using it after them.
Source: https://www.gsmarena.com/security_flaw_ ... -34282.php
I think the biggest question is why the store the password in plaintext (or a recoverable) format. I thought this was Security 101 over a decade ago!