A group of hackers targeting celebrities’ Instagram accounts may have accessed millions of users’ private data, the Facebook subsidiary has confirmed.
According to reports, a bug in the social media company’s API enabled hackers to gain access to account holders’ phone numbers and email addresses.
Singer Selena Gomez appeared to be one of the personalities whose accounts were compromised during a cyber-attack on the photo-sharing app last week.
On 30th August, Instagram assured that only celebrities have been targeted by the hacking incident. However, recent reports suggested that as many as 6 million accounts have been affected and that regular old users may have fallen victim as well.
The company said it believed “one or more” individuals had gained access to “a number of” celebrities’ phone numbers and email addresses by exploiting a bug in the app’s software.
In a blog post, Mike Krieger, Co-Founder and CTO, said “No passwords or other Instagram activity was revealed.”
Krieger then highlighted that the bug on the app has already been fixed and they have been working with law enforcement on the matter.
He said they believe only a ‘low percentage’ of their 700 million monthly active users have been affected – potentially several million accounts.
The hacker or hackers may have gone as far as creating a searchable database allowing anyone to find the contact details of any affected user — all for the low price of approximately $10 (paid in Bitcoin, of course), according to reports.
“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognised incoming calls, texts, or emails,” he said in the post.