The Instagram data breach is reportedly worse than initially suspected, with not just thousands, but MILLIONS of user accounts being compromised – to the tune of over six million high-profile accounts, including celebrities, athletes, and even politicians.
The identity of the hacker (or hackers) is currently unknown, but what is known is that the stolen information, which includes users’ email addresses and phone numbers, are being sold on the website, Doxagram, for only $10 a pop. Fortunately, the passwords were not breached.
Instagram’s vulnerability was uncovered by a security researcher at Kaspersky Labs, who advised the social media giant of the issue he discovered in the “password reset” option found in the mobile API, exposing user email addresses and/or mobile numbers. In response, Instagram sent warnings to its users via email, advising them to remain vigilant in the case of any unusual emails or texts they received.
Experts believe it is possible that the hackers will use the information to gain access to the users’ Instagram, or other social media accounts, and post embarrassing pictures or posts directly from the user’s account.
Instagram is recommending its users to take the following steps:
- Enable two-factor authentication on your accounts
- Pick a secure and unique password for each social media account.
- Avoid clicking on any links or attachments requesting personal information.