A group of hackers used a bug earlier this week to scrape the phone numbers and email addresses of six million Instagram accounts and are now selling that information on the web, the TechCrunch writes.
The hackers mainly targeted celebrities and verified users, including Selena Gomez, who’s account was hacked two days ago. The hackers used this glitch in Instagram’s system to start posting nude pictures of the singer and actor’s ex-boyfriend Justin Bieber to her 125 million followers.
In a list sent to the Daily Beast, the hackers included 1,000 names of several well-known figures including celebrities, sports stars, and media personalities. The hackers also scraped the information of unverified users and are now reportedly selling this giant trove of data for $10 an inquiry via bitcoin. Instagram admitted the security bug in a letter today, though it downplayed how many users had been affected.
“Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts,” wrote Instagram CTO Mike Krieger.
Instagram services more than 700 million accounts; six million is not a small number, especially if it contains the phone numbers and emails of the most popular Instagrammers. However, Doxagram, the site selling the information via the hackers, appears to be down. It’s unclear if this was an effort by Instagram to shut the site down, but we’ve asked for more information.
Regardless of whether the site selling the information is gone for good, the hackers still have direct contact information for several high-profile accounts and may still be selling in some other way. Others also may have already bought from them and now that information is floating out there on the web. Instagram says it has since fixed the issue and that it is working with law enforcement. However, the bug exposes certain vulnerabilities within Instagram’s system and the popular platform will likely need to take further measures to button up on security for celebrities and everyone else with an account.
“Protecting the community has been important at Instagram from day one, and we’re constantly working to make Instagram a safer place. We are very sorry this happened,” Krieger wrote.