Instagram hack affects millions
Instagram confirms it has fixed the bug however many account details have been found on the dark web
Instagram has been hit by a malicious bug which is responsible for accessing millions of user accounts, stealing personal information.
The photo-sharing social media site warned that one or more hackers had been found stealing account information, in particular celebrity accounts, by exploiting a bug on Instagram's servers.
Instagram has since confirmed that it has fixed the bug, however hackers were quick to steal verified and non-verified account details, to which they began advertising the data in exchange for cryptocurrencies on the dark web.
They formed a searchable database named Doxagram, which has since been shut down, enabling users to pay $10 to access stolen Instagram profiles. Instagram did not disclose how many profiles had been affected, but the hackers had claimed they had information on more than six million users.
Singer Selena Gomez was one of the named victims as the hackers not only stole three naked photos of her ex-boyfriend, singer Justin Bieber, but also posted the pictures to her 125 million followers. The account has since been shut down.
According to cybersecurity firm RepKnight, dozens of celebrity account information still appears to be on the dark web, including actors Leonardo DiCaprio and Emma Watson, musicians Rihanna, Taylor Swift and Katy Perry, and athletes David Beckham and Floyd Mayweather.
"We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people's email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.
"We quickly fixed the bug, and have been working with law enforcement on the matter. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.
"Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails. Additionally, we're encouraging you to report any unusual activity through our reporting tools. You can access those tools by tapping the "..." menu from your profile, selecting "Report a Problem" and then "Spam or Abuse."
"Protecting the community has been important at Instagram from day one, and we're constantly working to make Instagram a safer place. We are very sorry this happened."
Though Instagram confirmed that no passwords were stolen, it is advised to change any associated email address or phone number linked to the Instagram account.