A flaw in Instagram code was exploited recently and hackers gathered the contact information of approximately 6 million users. While this is valuable in and of itself, the data which has captured the public’s attention is the release of celebrity contact information. For just $10 on the darknet, you can gain access to Taylor Swift’s mobile phone number, along with a whole host of other celebrities.
An update in 2016 contained some flawed coding which allowed the hack to take place. Since the breach was discovered, the vulnerability has been patched so no more data can be stolen and Instagram is investigating what happened. However, for six million users, the damage has already been done. A group named Doxagram (Instagram plus Doxxing – the term for dumping private data online), has set up a searchable database on the darknet. Pay just $10 and you can gain access to the contact information of a whole host of A-list celebrities including David Beckham, Emma Watson, Beyoncé, Leonardo DiCaprio, Floyd Mayweather, and Miley Cyrus.
Contained within this same database is the information of 6 million regular or unverified users as well. Instagram accounts may hold information such as a mobile phone number and email addresses. This data, in the wrong hands, can be used to exploit valuable information, launch cyber attacks and infect devices. While the attack was aimed at ‘high profile’ users, or verified accounts, the vast majority of those affected were regular users. Instagram says they are unable to determine which unverified accounts were affected. Instagram have however confirmed that no passwords were stolen so the accounts on the social media platform themselves are not at risk.
Predictably, most of the celebrities in the database will now have changed their contact details after the leak was brought to the public’s attention. However, with 6 million unverified users also at risk, Instagram is urging users to be particularly vigilant when watching for phishing attacks. This includes incoming calls from unknown numbers as well as texts and emails from unknown senders. If you are an Instagram user and you notice a spike in any of these areas, we recommend you ‘report a problem’ via your Instagram account using the ‘…’ menu option from your profile. This will alert Instagram to the possibility of your account being one of the 6 million affected.
While the privacy of celebrities may be at risk, so to is that of everyone else who was hacked. In the wrong hands, phone numbers and email addresses can be used to trick unsuspecting users into downloading malware, handing over sensitive data and falling victim to yet another cyber attack. Stay alert, be wary and think before you act when it comes to any kind of electronic contact from an unknown source.