Instagram Hack Bigger Than Thought

Instagram, the photo sharing social media network owned by Facebook, said late last week that a cyberattack impacted more people than it previously thought.

According to a report in The Wall Street Journal, originally Instagram said hackers were able to steal email addresses and phone numbers of celebrity accounts but later said regular users were impacted from the security breach.

Celebrities were the target of the cyberattack, Instagram said according to news from the Wall Street Journal. The photo sharing social network operator said no passwords were stolen in the attack, in which hackers were able to take advantage of a bug in the software. Instagram has sinced patched up the account security issue, reported the paper. The company said it wasn’t sure which specific accounts out of its 700 million monthly users were impacted from the breach but told the Wall Street Journal that a “low percentage” were involved. It declined to provide specific numbers, noted the report.

The data stolen in the hack has already made its way online and is being sold, some for $10 via Doxagram, an Internet database the Wall Street Journal cited Instagram as saying. Doxagram says it has the contact information of famous people, such as Mark Zuckerberg, the chief executive of Facebook, and Rihanna, the pop artist.

“Out of an abundance of caution, we encourage you to be vigilant about the security of your account and exercise caution if you observe any suspicious activity, such as unrecognized incoming calls, texts or emails,” Instagram Co-Founder Mike Krieger said in a blog post, reported the Wall Street Journal.

The breach comes even after Instagram has beefed up its security by initiating two-factor authentication measures in March. Security experts recommend that all users activate two-factor authentication options whenever possible. In a nutshell, it requires not only a username and a password from a user during log-in but also a one-time code, key or other information given to the user at the time of log-in that only they could possibly know.