Hackers exploited an Instagram bug to get celebrity phone numbers and email addresses

An Instagram bug allowed hackers to access contact phone numbers and email addresses for high-profile users, the company said today. The bug was discovered recently in Instagram’s application programming interface, or API, which the service uses to communicate with other apps. Instagram declined to specify which users had been targeted, but the news comes two days after hackers accessed the account of its most-followed user, Selena Gomez, and posted nude pictures of her ex-boyfriend Justin Bieber.

“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information — specifically email address and phone number — by exploiting a bug in an Instagram API,” the company said in a statement. “No account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation.”

The company has notified all of its verified account holders of the possible leak of their contact information. It encouraged users to be cautious if they receive unrecognized phone calls, text messages, or emails.

In at least one case, a user was able to exploit the bug on “some accounts,” though Instagram would not cite specific accounts or say how many had been affected. But access to a phone number and email address could be used in tandem with social engineering techniques to potentially gain access to a user’s Instagram account.

That likely explains what happened to Gomez, who has 125 million followers on Instagram. Her account was taken down on Monday after hackers gained access to it and posted the photos of Bieber, which were originally made public in 2015. The account was restored later in the day.

Comments

Just another reason (besides unnecessary invasion of privacy) that I do not sign up for apps via phone number or Facebook if it can be avoided.

Generally try to even use a garbage Yahoo email too – same one I use for newsletters.

Probably way way more important than this week's hacks is the fact that… god knows how many years this bug was active! How many thousands of accounts were continuously compromised this way through the years…

I suppose it depends on exactly what the bug was and whether or not it was in the API from the start.

Usually these kinds of very critical flaws that are discovered every few months in each of the social networks have been there from the start. Imagine the person or the organization that had access or knowledge about all these critical bugs since the start…

What do you mean usually? I could say "usually these kinds of exploits exist only after a new function or feature has been introduced" to back up my side as well.
