A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.

The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users see and download the personal data that the social media platform had collected on them.

 A company spokesperson told The Information that the flaw only affected “small number” of users.

“Regardless of the number of individuals affected, this event raises major concerns about the way that Instagram is handling its users’ data,” said Bitglass CMO Rich Campagna. “In light of the fact that Facebook owns Instagram and has been experiencing a number of security debacles of its own, it should come as little surprise that Instagram is now exhibiting similar issues.

Despite the need for greater security, “many companies continue to display poor stewardship over the personal details belonging to customers, employees, and other parties,” said Campagna. “Unless organizations begin to respect the importance of protecting customer data, we will continue to see more big-name companies making costly mistakes that harm countless individuals.”