Six million Instagram accounts hacked

A hack believed to target only celebrity accounts on Instagram has also accessed millions of users’ private data.

The warning comes just days after singer, Selena Gomez, appeared to be one of the first celebrity accounts to have been compromised, after hackers used a bug in the application programming interface (API), to access phone numbers and email addresses.

Originally believed to have focused solely on gaining access to A-lister accounts, it was revealed that almost six million Instagram accounts might also had private information stolen.

The news that ‘regular’ accounts were targeted is a further concern for the social media giant after they had assured everyone on August 30 that it was only celebs who were targeted.

The hackers, who are calling themselves Doxagram, have created an online database on the dark web that is accessible for cybercriminals. The group claim that “it is only $10 (price of two cups of coffee) for celebrity contact info”.

Official statement from Instagram CTO, Mike Krieger.

This news prompted Instagram CTO, Mike Krieger, to release a statement confirming the scale of the breach: “We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public”.

Instagram had originally claimed that only a “low percentage” of accounts were affected but the hackers quickly refuted this claim, forcing the Facebook-owned company to advise users how to protect themselves from such an attack. “Additionally, we’re encouraging you to report any unusual activity through our reporting tools,” Instagram said.

It is believed that an official account for the President of the United States of America, run by the White House social media team, was also among the six million Instagram accounts affected by the hack.

That’s not the first time Instagram is in the news for security issues; last time, though, it was used by cybercriminals to build URL paths for C&C administration but there was no hack and probably did not impact upon millions of users like this attack.

Author , ESET

  • Cryptid

    I’m no one, not a celebrity just a regular casual user of Instagram here, yet mine was 1 of the millions. But only today I was notified via the Instagram app that someone in Los Angeles, CA tried to log into my account. Of course I promptly changed my password, email and removed my phone number. Instagram didn’t even attempt to email me to notify of the security breach and that my account may have been affected.
    Upon the app notification I hit Google looking for news. This is when I discover many articles posted 2 weeks ago.
    Seems Instagram like many social media companies ignore the fact we are just as important as their celebrity accounts. Without normal users like myself, social media platforms wouldn’t make it off the drawing board. We are the ones that give social media life and make it popular. Not narcissistic celebrities (and yes many non-celebrities) that are constantly posting selfies. Us normal non-famous people give social media our art, views through our eyes of nature’s plants and animals. Showing life as it happens or how we view it. But we are tossed aside as if we aren’t important enough. I wonder how far many of those companies would get if people like myself stopped using their apps and websites.

Follow us

Copyright © 2018 ESET, All Rights Reserved.