Six million Instagram accounts are at risk of a major privacy breach after hackers claimed to have personal information about the account holders. The hackers have threatened to reveal email addresses and phone numbers.
The wide scale hacking activity on Instagram came to light after hackers shared photos from singer Selena Gomez's account. Many security researchers have discovered personal information about celebrities like Emma Watson, Taylor Swift and Harry Styles on the dark web.
After leaking personal details of celebrities online, hackers have also created a dark database that lets anyone access the information by just paying $10 per search. On knowing about the hack, Instagram initially said that only a "low percentage" of accounts had been compromised, but now hackers have claimed that they have access to six million accounts. Since then, Instagram has advised users to protect their account and change their password.
The hackers go by the name "Doxagram" and are claiming to be Russian. They have also advertised for their hacked information on online forums - "it is only $10 (price of 2 cups of coffee) for celebrity contact info". One website related to the hackers has been taken down since. Facebook has also doubled down on its efforts to purchase and disable domain names that are used by the hackers.
Not just celebrities, the official Instagram account for the President of the United States of America that is run by the social media team at the White House, was also reported to be among the list of hacked accounts.
Talking about the major hack attack, Instagram co-founder Mike Krieger said:
We quickly fixed the bug, and have been working with law enforcement on the matter.
A UK-based cybersecurity company RepKnight told The Verge that 500 celebrity accounts have been hacked. RepKnight analyst Patrick Martin says, "While Instagram has now fixed the bug that lead to the leak, the cat is out of the bag now, and those affected will have to take extra care to maintain their privacy".
How did the hackers get into the system?
The flaw was in the password reset option in the Instagram mobile app, which lead to exposing personal details such as mobile numbers and email addresses, except for passwords. The trick used in the attack was to send a request for the password reset and then retrieve the account through the e-mail address sent for the password reset. This vulnerability was a part of the 2016 version of Instagram, which means that users on the current version should be safe.
Reportedly, the vulnerability was discovered by researchers at Kaspersky Labs, and they quickly reported it to Facebook.
Keep your Instagram account safe with two-factor authentication
Two-factor authentication is the need of the hour as hack attacks are rising. Follow this article to know how you can turn it on for Instagram: