Forgot your password?

Back to login

Instagram hack hit millions of accounts
September 10, 2017, 1:47 pm

A bug that exposed users’ contact information on Instagram affected a far greater number of accounts than the company originally revealed. While Instagram first said the hack was limited to only holders of verified accounts, last week it admitted that the bug, which allowed hackers to scrape email addresses and contact information, infected millions of non-verified accounts as well.

Instagram still will not say how many accounts were affected, other than that it is a “low percentage of Instagram accounts.” There are more than 700 million active Instagram accounts; hackers say they have information on file for 6 million users. Shortly after the hack was revealed, Instagram said it had fixed the bug and that the passwords of users had not been exposed.

Hackers established a searchable database named Doxagram allowing users to search for victims’ contact information for $10 per search. The hacker provided a list of 1,000 accounts they said were available for searching on Doxagram, and the list included most of the 50 most-followed accounts on the service. Since last Friday, Doxagram has been offline. It was unclear how or when it might come back. Instagram would not comment on whether it had sought to have the site shut down.

But even with the site shut down, contact information for dozens of celebrities from the cinema, music and sports field, including Emma Watson, Leonardo DiCaprio, Beyonce, Lady Gaga, Taylor Swift, Britney Spears, Floyd Mayweather, David Beckham and others now appears to be floating around on the dark web.

For celebrities and other high-profile users, the hack could mean having to change a phone number, email address, or both. But it can also be used along with social engineering techniques to gain access to the account itself.

Instagram co-founder and chief technical officer Mike Krieger said in a blog post. “Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.”

“We encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails,” Krieger said. “The safety and security of our community are important to us, and we are very sorry this happened,” he added.

Share your views

"It is hard to fail, but it is worse never to have tried to succeed."

"Envy comes from wanting something that isn't yours. But grief comes from losing something you've already had."

Photo Gallery