Up to six million Instagram users’ personal info has been stolen.
A bug in the social network has exposed some users’ phone numbers and emails if they weren’t public. The data was subsequently stolen by hackers who were selling searches of the exposed data for $10 a pop, The Daily Beast’s Joseph Cox reported, with the hackers claiming to have more than 6 million users’ details.
Initially, it looked like just high-profile users and celebrities were affected – with Selena Gomez’s account hacked last week as an apparent result of it. But it has since become clear that the issue is broader.
In a blog post, Instagram CTO Mike Krieger confirmed the bug exposed users’ details, and said Instagram is working with law enforcement.
The exec wrote: “We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.
“We quickly fixed the bug, and have been working with law enforcement on the matter. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.”
The Verge reports that affected high-profile users affected allegedly include Emma Watson, Emilia Clarke, Leonardo DiCaprio, Harry Styles, Victoria Beckham, Beyoncé, Taylor Swift, Floyd Mayweather, and David Beckham.
It has the potential to cause a serious headache for celebrities (or anyone who doesn’t want their number public) – who may be forced to change their phone number as a result of the hack.
The as-yet unidentified hackers were selling searches of the data using a dedicated site, called Doxagram. After going offline late last week, it now appears to be up and running again, though Business Insider did not pay to test the service.