Instagram Bug Allowed Hackers to Obtain Phone Number, Email Address of Verified Users

 
Share on Facebook Tweet Share Share Reddit
Instagram Bug Allowed Hackers to Obtain Phone Number, Email Address of Verified Users

Photo Credit: Instagram

Highlights

  • The bug was part of Instagram's API
  • Gomez's account was broken into on Monday
  • Phone numbers and email addresses obtained

A bug in Instagram allowed hackers to obtain access to phone numbers and email addresses of high-profile user accounts, i.e. verified users, the company has revealed. The bug was part of Instagram's application programming interface (API), which is used to communicate with other apps.

It might also help explain the hack of singer-actress Selena Gomez's account from earlier this week, which was followed by nude pictures of her ex-boyfriend Justin Bieber from 2015. Gomez is the most-followed person on Instagram with over 125 million followers.

“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information – specifically email address and phone number — by exploiting a bug in an Instagram API,” Instagram said in a statement. "No account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation.”

Instagram has also contacted all its verified users and notified them of the possible leak of personal information. The company wouldn't comment on which accounts had been compromised. Gomez's Instagram account was broken into briefly on Monday, before the pop star regained access a few hours later, with help from the company.

“Our main concern is for the safety and security of our community,” Instagram added. “At this point we believe this effort was targeted at high-profile users. We encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognised incoming calls, texts and emails.”

For what it's worth, Instagram does have support for two-factor authentication, though it remains unclear if the affected accounts had it enabled, or whether it was somehow bypassed by the hackers.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Instagram
Akhil Arora

Akhil identifies himself as a stickler for detail and accuracy, and strongly believes that robots will one day take over most human jobs. In his free time, you will ... More

Nokia 130 (2017) Now Available to Buy in India: Price, Specifications
LG V30 With 6-Inch FullVision Display, Dual Rear Cameras Launched at IFA 2017; Releasing on September 21
 
 

Advertisement