Instagram, a Facebook-owned photo sharing app with more than 700 million users, recently suffered a massive data breach. The attackers gained access to the phone numbers and email addresses of many “high-profile” users, including Jennifer Lawrence and HBO, and sold them on a website called Doxagram, which is now on the dark web. Instagram claimed that it had released a patch and is running a thorough investigation.
Through a flaw in Instagram’s application programming interface (API), the hackers stole the phone numbers and email addresses of 6 million high-profile accounts, but not passwords. The company did not explain the details of the API flaw, but it has fixed the bug and sent a notice to its users that they should be cautious if they get suspicious and unknown phone calls or emails.
At almost the same time, Selena Gomez’s Instagram account with about 125 million followers was hacked. From that hack, nude photographs of her ex-boyfriend Justin Bieber were posted on the web. Yet in spite of the timing, the company didn’t mention the connection between the two incidents.
However, since the hackers focused on the most high-profile accounts, the victims of this breach include plenty of movie stars, politicians, sports stars, and media companies, whose information was being sold on the searchable database Doxagram for $10 a lookup.
Instagram, along with its parent company Facebook, fought back by taking over hundreds of Doxagram’s domains to take the hackers’ website offline. Despite the company’s effort, it is still difficult to stop the malicious actors. Not only are there more than 1500 domains, but the hackers have already launched a dark web version of the original site.
It comes back to you and me, normal users.
How can we prevent data breaches and keep our account information from being stolen?
• Enable Instagram’s two-factor authentication
• Change your password regularly and use strong passwords
• Don’t click suspicious links or download attachments received in an email until you confirm that the source is legitimate.
• Internet services such as Facebook, Google, Twitter, and Instagram do NOT ask for your password through an email.
• Keep your software and apps up-to-date. Having the latest patches that fix the most recent vulnerabilities can protect you in the first place.
• Clean your online traces with Privacy Cleaner
Even if you are not a celebrity and think that no one would want to hack into your account, it’s still important to keep your information private to prevent any loss. The attackers might not target your phone number, yet by having your personal details, they still might be able to steal your money.