Instagram, a Facebook-owned photo sharing app with more than 700 million users, recently suffered a massive data breach. The attackers gained access to the phone numbers and email addresses of many "high-profile" users, including Jennifer Lawrence and HBO, and sold them on a website called Doxagram, and then on the dark web. Instagram claimed that it had released a patch and is running a thorough investigation.
Through a flaw in Instagram's application programming interface (API), the hackers stole the phone numbers and email addresses of 6 million high-profile accounts, but not their passwords. The company did not explain the details of the API flaw, but it has fixed the bug and sent a notice to its users that they should be cautious if they get suspicious or unknown phone calls or emails.
At almost the same time, Selena Gomez's Instagram account, which has about 125 million followers, was hacked and used to post nude photographs of her ex-boyfriend Justin Bieber. The company did not mention any connection between the two incidents.
Because the hackers focused on the most high-profile accounts, the victims of this breach include plenty of movie stars, politicians, sports stars, and media companies, whose information was being sold through Doxagram, a searchable database, for $10 a lookup.
Instagram, along with its parent company Facebook, fought back by registering hundreds of Doxagram domains to take the hackers' website offline. Despite the company's effort, it is still difficult to stop the malicious actors. Not only are there more than 1500 domains, but the hackers have already launched a dark web version of the original site.
It comes back to you and me, normal users.
How can we prevent data breaches and keep our account information from being stolen?
• Enable Instagram’s two-factor authentication
• Change your password regularly and use strong passwords
• Don't click suspicious links or download attachments received in an email until you confirm that the source is legitimate.
• Internet services such as Facebook, Google, Twitter, and Instagram do NOT ask for your password through an email.
• Keep your software and apps up-to-date. Having the latest patches, which fix the most recent vulnerabilities, can protect you in the first place.
• Clean your online traces with Privacy Cleaner
Even if you are not a celebrity and think that no one would want to hack into your account, it's still important to keep your information private to prevent any financial loss. The attackers might not be targeting your phone number itself, yet with your personal details they might be able to steal your money.