Earlier this week, hackers took advantage of an Instagram bug to target the accounts of celebrities and verified users, even gaining access to Selena Gomez’s, but it turns out they also managed to make off with personal information for roughly six million other users. When Instagram came forward admitting their glitch was responsible (and had subsequently been fixed), they said that the breach was limited to verified accounts; but it’s become clear the attack is much more widespread than expected.
While Instagram has clarified that users’ passwords were not stolen, the hack did include personal data like email addresses and phone numbers. The hackers have since come forward stating they have a searchable database called Doxagram where victims’ details can be acquired at $10 a pop.
The Daily Beast was sent a list of 1,000 accounts as an example of what the hackers had obtained, with many of the social network’s 50 most-followed users included. Instagram won’t clarify how many accounts have been affected, only admitting it was a “low percentage of accounts.” 6 million users may be small compared to the over 700 million active accounts on the service, but it’s still a lot of personal data, especially when it consists of a number of celebrities.
According to the security firm RepKnight, the hackers’ database has contact information for celebrities like Leonardo DiCaprio, Emma Watson, Harry Styles, Beyoncé, Taylor Swift, Adele, Britney Spears, and David Beckham. As of Friday evening, the Doxagram site has been taken offline, but it’s not clear if this is temporary or the result of Instagram taking action. This unfortunately doesn’t prevent the personal information from being shared on the dark web.