- Twitter lifts ‘permanent’ suspension of activist Barrett Brown Monday 5:52 PM
- Billie Eilish fans fend off objectifying comments on tank top photo Monday 5:32 PM
- Groom’s mother sabotages wedding by tricking guests into wearing jorts and hoodies Monday 4:39 PM
- No one believes Bill de Blasio’s son sent him these debate prep texts Monday 3:26 PM
- Meek Mill, Jay-Z to release ‘Free Meek’ documentary on Amazon Prime Monday 3:20 PM
- 3 ways to secure your Nest cameras Monday 3:15 PM
- This Pokémon generator site is creating hilarious monsters Monday 2:48 PM
- MrBeast impersonator tricks kid into destroying his XBox Monday 12:50 PM
- This mom has the perfect nickname for her nonbinary kid Monday 12:25 PM
- Netflix tests pop-out player that will allow viewers to multitask Monday 11:44 AM
- Man allowed to sue media publishers over readers’ Facebook comments Monday 11:42 AM
- Republicans slammed for joke about ‘heavily armed militia’ at Oregon statehouse Monday 11:30 AM
- New bill wants tech companies to tell you how much your data is worth Monday 10:53 AM
- AOC has the best response to Steve King’s ‘concentration camp’ criticism Monday 10:19 AM
- Did Jake Paul and Tana Mongeau just get engaged? Monday 9:26 AM
Photo via BeeBright/Shutterstock (Licensed)
These celebrity accounts might have been affected.
Instagram initially confirmed a bug on Wednesday that left users’ personal data vulnerable, but it wasn’t clear how many people were affected. According to the Verge, the social giant has now confirmed the bug allowed hackers to compile email addresses and phone numbers from “millions of accounts.”
Ars Technica says someone reached out to the site claiming to have collected data from 6 million Insta users. The anonymous group even provided the publication with a sample of 10,000 stolen records.
Ars confirmed the records with Troy Hunt, security researcher and owner of breach notification service Have I been Pwnd. “My conclusion: There’s nothing in here to disprove the data,” Hunt said. “It’s ‘possible’ it has been scraped together from other sources, but every indication is that it’s legitimate and the vector you wrote about earlier is absolutely feasible and certainly not unprecedented.”
The hackers also provided the Daily Beast with a sample of 1,000 records that includes a phone number, email, or both. The hackers said they set up their scraper to first gather contact information from accounts with more than 1 million followers. One of the accounts allegedly belongs to the official Instagram page for POTUS. Others allegedly belong to Cristiano Ronaldo, Jennifer Lopez, Drake, and several other celebrities. To make matters worse, unverified users also appear to have been hacked.
The people behind the site, called “Doxagram,” are reportedly selling the information for $10 in Bitcoin per search, “So far we’ve had 12 deposits totaling around $500,” the site operator told Ars six hours after going live. “Not a horrible start.”
Instagram patched its bug shortly after it was first discovered, but the damage was done.
Instagram co-founder and chief technical officer Mike Krieger said in a blog post he believes a “low percentage” of Instagram users were affected. That doesn’t say much considering there are more than 700 million members. Krieger also said the company is working with law enforcement, and he encouraged users to be careful receiving texts and phone calls from unknown numbers.
The social giant gave the Daily Beast the same comment it put out Thursday:
“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information—specifically email address and phone number—by exploiting a bug in an Instagram API. No account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation.
Our main concern is for the safety and security of our community. At this point we believe this effort was targeted at high-profile users so, out of an abundance of caution, we are notifying our verified account holders of this issue. As always, we encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails.”
The Daily Dot has reached out to Instagram for comment.
H/T the Verge
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.