The Facebook-owned company says no passwords were exposed, but as a precaution it is rolling out warning messages and asking users to be vigilant about suspicious calls and texts.
Last week, Instagram suffered a severe data breach. A group of hackers going by the name “Doxagram” claims to be distributing information from six million hacked accounts on the dark web via a Bitcoin forum.
The data includes email addresses and cell numbers of celebrities and ordinary people, and is being sold for $10 each in Bitcoin via a searchable database. After last year’s iCloud hack, it is said to be the biggest attack on private accounts.
How did the attack come to light?
The attack came to light when nude frontal photos of Justin Bieber were shared from the Instagram account of Selena Gomez, his ex-girlfriend. The intrusion might not be as serious as it could have been, because the hackers do not have any access to the passwords.
But this doesn’t mean that the social networks can relax. It should be treated as a warning: they should start working on account security and must ensure that nothing of this sort happens in the future.
If incidents like this keep occurring, people, especially high-profile ones, will be reluctant and may avoid using them.
The good news is that, according to Instagram, the problem is now fixed.
The attack was said to focus on high-profile verified users, but even ordinary accounts have been hacked. On the dark web, personal information of superstars like Emma Watson, Taylor Swift and Harry Styles is available.
It is also assumed that the exposed data can be used to set up phishing attacks for many years to come. Using the exposed information, cybercriminals can easily send spoofed emails or texts.
Who are Doxagram?
Doxagram is a group of hackers claiming to be Russian, who used a bug in Instagram’s API to grab personal details of the most-followed high-profile Instagram users.
After the information was taken, a database was created on Doxagram, and the site operator said that by last Friday morning they had already made $500.
How were the accounts compromised?
The attack was made possible by Instagram’s buggy API, which permits other sites and apps to connect with it.
The glitch was found in Instagram’s mobile application under the password reset option. Due to this, all private and personal data were exposed. Passwords, however, could not be accessed. Thank God for that.
The trick used in the attack was to send a message for password reset and then acquire the account access via the e-mail address sent for password reset. The 2016 version of Instagram was targeted, which means that users who have the updated version might be safe.
The vulnerability was exposed by researchers at Kaspersky Labs.
As the issue was brought to light, Instagram warned its verified users of unauthorized access to phone and email contact information.
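The class of bug described above, a password reset call that hands stored contact details back to whoever asks, can be caught with a simple regression check. The following is an added example, not Instagram’s code or API: the account store, function names and response fields are all assumptions made for illustration.

```python
import json

# Constructed sample data; not a real account.
ACCOUNTS = {
    "sample_celebrity": {"email": "star.manager@example.com",
                         "phone": "+15555550123"},
}

GENERIC = {"status": "ok",
           "message": "If the account exists, a reset link has been sent."}


def reset_response_leaky(username):
    """'Before': the reset lookup echoes stored contact details to the caller."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return {"status": "fail", "message": "no such user"}
    return {"status": "ok", "email": acct["email"], "phone": acct["phone"]}


def reset_response_hardened(username, outbox):
    """'After': the link goes out of band; the API reply carries no contact
    data and is identical whether or not the account exists."""
    acct = ACCOUNTS.get(username)
    if acct is not None:
        # outbox is a stand-in for the real mail/SMS sender (assumption).
        outbox.append(("email", acct["email"]))
    return dict(GENERIC)


def leaked_fields(response, username):
    """Names of stored contact fields whose values appear anywhere in the
    serialized response. An empty list means nothing leaked."""
    acct = ACCOUNTS.get(username, {})
    body = json.dumps(response)
    return sorted(name for name, value in acct.items() if value in body)


if __name__ == "__main__":
    sent = []
    print(leaked_fields(reset_response_leaky("sample_celebrity"),
                        "sample_celebrity"))
    print(leaked_fields(reset_response_hardened("sample_celebrity", sent),
                        "sample_celebrity"))
```

Running `leaked_fields` against every unauthenticated endpoint’s responses in a test suite flags a reply that starts carrying email addresses or phone numbers before it ships.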
“At this point we believe this effort was targeted at high-profile users,” the photo-sharing site said in its alert. “We encourage you to be extra vigilant about the security of your account and exercise caution if you encounter any suspicious activity such as unrecognized incoming calls, texts, and emails.”
“Your experience on Instagram is important to us, and we are sorry this happened.”
This breach shows that hackers can access personal information of the superstars with little effort. For celebs and other VIPs, the attack would end once they change their contact numbers and email addresses, but it is not the end. The data can be used for phishing attacks and to gain access to other social accounts.
The bug has disclosed weaknesses within Instagram’s structure. Facebook must take serious measures to tackle such situations.