Home / / Instagram hack affects millions

Instagram hack affects millions

Instagram confirms it has fixed the bug however many account details have been found on the dark web

Instagram hack affects millions
Instagram has since confirmed that it has fixed the bug.

Instagram has been hit by a malicious bug which is responsible for accessing millions of user accounts, stealing personal information.

The photo-sharing social media site warned that one or more hackers had been found stealing account information, in particular celebrity accounts, by exploiting a bug on Instagram's servers.

Instagram has since confirmed that it has fixed the bug, however hackers were quick to steal verified and non-verified account details, to which they began advertising the data in exchange for cryptocurrencies on the dark web.  

They formed a searchable database named Doxagram, which has since been shut down, enabling users to pay $10 to access stolen Instagram profiles. Instagram did not disclose how many profiles had been affected, but the hackers had claimed they had information on more than six million users.

Singer Selena Gomez was one of the named victims as the hackers not only stole three naked photos of her ex-boyfriend, singer Justin Bieber, but also posted the pictures to her 125 million followers. The account has since been shut down.

According to cybersecurity firm RepKnight, dozens of celebrity account information still appears to be on the dark web, including actors Leonardo DiCaprio and Emma Watson, musicians Rihanna, Taylor Swift and Katy Perry, and athletes David Beckham and Floyd Mayweather.

Instagram co-founder Mike Krieger said in a statement:

"We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people's email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.

"We quickly fixed the bug, and have been working with law enforcement on the matter. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.

"Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails. Additionally, we're encouraging you to report any unusual activity through our reporting tools. You can access those tools by tapping the "..." menu from your profile, selecting "Report a Problem" and then "Spam or Abuse."

"Protecting the community has been important at Instagram from day one, and we're constantly working to make Instagram a safer place. We are very sorry this happened."

Though Instagram confirmed that no passwords were stolen, it is advised to change any associated email address or phone number linked to the Instagram account.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.