A group of unknown hackers used a flaw that exposed users’ private data affected a very higher number of accounts than Instagram originally said. Singer Selena Gomez seemed to be one of the stars whose accounts were hacked through a cyber attack on the picture-sharing app last week.
The flaw enabled hackers to scrape email addresses and private data for millions of accounts. While the company first said the hack was limited to owners of verified accounts, it said that non-verified users had been affected as well.
According to Instagram:
“Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts,”
The bug affected more than 6 million Instagram accounts, including politicians, actors, famous football players and organizations, who have had their Instagram account information, including emails and private data, available for sale on a website, named Doxagram.
Instagram co-founder said:
“We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.
“We quickly fixed the bug, and have been working with law enforcement on the matter. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.
Users are recommended to enable two-factor authentication to avoid such attacks.