A group of hackers have discovered, and used, an Instagram bug this week to scrape the phone numbers and email addresses of six million Instagram accounts. They are now selling that information online.
Instagram announced it had fixed the bug that allowed hackers to learn users’ phone numbers and email addresses.
The data appears to include email addresses and phone numbers for a selection of high profile Instagram users, including politicians, sports stars, and media companies.
The hackers mainly targeted celebrities and verified users, including Selena Gomez, who’s account was hacked two days ago. The hackers used this glitch in Instagram’s system to start posting nude pictures of the singer and actor’s ex-boyfriend Justin Bieber to her 125 million followers.
The list includes 1,000 names of several well-known figures including celebrities, sports stars, and media personalities.
The hackers also scraped the information of unverified users and are now reportedly selling this trove of data for $10 an inquiry via bitcoin.
Instagram admitted the security bug in a letter today, though it downplayed how many users had been affected.
Instagram CTO Mike Krieger wrote,
“We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.“
“We quickly fixed the bug, and have been working with law enforcement on the matter. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.”
“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails. Additionally, we’re encouraging you to report any unusual activity through our reporting tools. You can access those tools by tapping the “…” menu from your profile, selecting “Report a Problem” and then “Spam or Abuse.”
“Protecting the community has been important at Instagram from day one, and we’re constantly working to make Instagram a safer place. We are very sorry this happened.”
The bug exposes certain vulnerabilities within Instagram’s system and the popular platform will likely need to take further measures to button up on security for celebrities and everyone else with an account.