By Shane Curtis
A hack believed to target only celebrity accounts
on Instagram has also accessed millions of users’ private data.
The warning comes just days after singer, Selena
Gomez, appeared to be one of the first celebrity accounts to have been compromised,
after hackers used a bug in the application programming interface (API), to access phone
numbers and email addresses.
Originally believed to have focused solely on
gaining access to A-lister accounts, it was revealed that almost six million
Instagram accounts might also had private information stolen.
The news that ‘regular’ accounts were targeted is a
further concern for the social media giant after they had assured everyone on
August 30 that it was only celebs that were targeted.
The hackers, who are calling themselves Doxagram,
have created an online database on the dark web that is accessible for
cybercriminals. The group claim that “it is only $10 (price of two cups of
coffee) for celebrity contact info”.
This news prompted Instagram CTO, Mike Krieger, to
release a statement confirming the scale of the breach: “We care deeply about
the safety and security of the Instagram community, so we want to let you know
that we recently discovered a bug on Instagram that could be used to access
some people’s email address and phone number even if they were not public”.
Instagram had originally claimed that only a “low
percentage” of accounts were affected but the hackers quickly refuted this
claim, forcing the Facebook-owned company to advice users how to protect
themselves from such an attack. “Additionally, we’re encouraging you to report
any unusual activity through our reporting tools,” Instagram said.
It is believed that an official account for the
President of the United States of America, run by the White House social media
team, was also among the six million Instagram accounts affected by the hack.
That’s not the first time Instagram is in the news
for security issues, last time though it was used by cybercriminals to build URL paths for C&C administration but there was no hack and
probably did not impact upon millions of users like this attack.