Millions of Instagram Users Hacked

Uploaded on 2017-09-13 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

A suspected cyber-criminal claims to have accessed six million Instagram accounts and says that 'Facebook/Instagram has not yet fully understood the full scope of the exploit'

A group of hackers targeting A-list celebrities' Instagram accounts may have accessed millions of users' private data, the social media site has warned.

Singer Selena Gomez appeared to be one of the stars whose accounts were compromised during a cyber-attack on the picture-sharing app last week.

Three naked photos of her ex-boyfriend, Canadian star Justin Bieber, were posted to her 125 million followers before her profile was shut down.

Following the hacking spree, Instagram said it believed "one or more" individuals had gained access to "a number of " stars phone numbers and email addresses by exploiting a bug in the app's software.

The company quickly fixed the bug, but not before hackers began advertising users' private information in exchange for crypto-currencies on the dark web.

Hackers provided a sample of the data to The Daily Beast, who confirmed that it appeared to include private information from high-profile Instagram accounts as well as ordinary users.

Instagram has issued a new statement confirming that the hack may have affected non-verified accounts.

"Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts," a spokesperson told Mashable.

The social media company said they thought a "low percentage" of their 700 million monthly active users could have been affected, potentially several million accounts.

Instagram co-founder Mike Krieger said: “We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.

“We quickly fixed the bug, and have been working with law enforcement on the matter. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.

“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognised incoming calls, texts, or emails.

"Additionally, we’re encouraging you to report any unusual activity through our reporting tools. You can access those tools by tapping the “…” menu from your profile, selecting 'Report a Problem' and then 'Spam or Abuse'.

“Protecting the community has been important at Instagram from day one, and we’re constantly working to make Instagram a safer place. We are very sorry this happened.”

Independent:

You Might Also Read:

Nude Celebrity Photo Hacker Jailed:

 

« US Conducts Computer War Games in Response to North Korea Missile Launch
Cyberwar: A Guide »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DLA Piper

DLA Piper

DLA Piper is a global law firm with offices throughout the Americas, Asia Pacific, Europe and the Middle East. Practice areas include Cybersecurity.

US Cyber Command (USCYBERCOM)

US Cyber Command (USCYBERCOM)

USCYBERCOM conducts activities to ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Modulo Security

Modulo Security

Modulo provides automated Governance, Risk, and Compliance (GRC) solutions.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Baffin Bay Networks

Baffin Bay Networks

Baffin Bay Networks operates globally distributed Threat Protection Centers™, offering DDoS protection, Web Application Protection and Threat Inspection.

Rogers Cybersecure Catalyst

Rogers Cybersecure Catalyst

Rogers Cybersecure Catalyst helps Canadians and Canadian companies seize the opportunities and tackle the challenges of cybersecurity.

Pivot Point Security

Pivot Point Security

Pivot Point Security is a trusted leader in information security consulting. We help clients master their information security management systems.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

Phished

Phished

Phished is an AI-driven platform that focuses on the human side of cybersecurity. By combining fully automated training software with personalised, realistic simulations of cyberattacks.

Crowe

Crowe

Crowe is a public accounting, consulting, and technology firm that combines deep industry and specialized expertise with innovation.

Air IT

Air IT

Air IT are a responsive, client-focused and award-winning Managed Service Provider, helping clients achieve success and transformation through their IT and communications.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cylerian

Cylerian

Cylerian is a Next Generation SaaS Security Platform - One unified cloud platform to achieve your security, compliance, and operational objectives.

Prequel

Prequel

Prequel is your real-time problem detection and resolution platform, powered by the global reliability community.

Cyber Dagger

Cyber Dagger

Cyber Dagger is a cybersecurity company driven by a mission to protect digital infrastructures and close the cybersecurity skills gap.

AXGATE

AXGATE

AXGATE is a specialized security solutions company based on our distinctive technological capabilities in the field of network information protection.