Suspected hackers have gained unlawful access to phone numbers and email addresses of several high profile Instagram users, the company has confirmed.
The hackers exploited bugs in one of Instagram’s faulty APIs to obtain sensitive data belonging to its celebrity users.
In an alert sounded on Wednesday, Instagram said that even though email addresses and phone numbers of several ‘high profile users’ were compromised, no passwords were accessed by the hackers.
‘At this point we believe this effort was targeted at high-profile users. We encourage you to be extra vigilant about the security of your account and exercise caution if you encounter any suspicious activity such as unrecognized incoming calls, texts, and emails,’ the alert read.
It is now likely that hackers may use the stolen information to send phishing emails or texts to unsuspecting Instagram users. They may also attempt to hack into email accounts with poor security credentials.
Instagram’s alert came just hours after a hacker group broke into Selena Gomez’ Instagram account and posted nude pictures of her ex-boyfriend and celebrity Justin Bieber. Selena’s Instagram team had to shut down her account temporarily to recover from the damage. Incidentally, Selena’s Instagram account is the most followed in the world with 125m followers.
Instagram confirmed that the bug in one of its APIs that let hackers get their hands on sensitive details of users was fixed quickly after it was detected. ‘Your experience on Instagram is important to us, and we are sorry this happened,’ the company said.
According to ESET Security Specialist Mark James, the fact that hackers could obtain sensitive details of Instagram users makes it clear that even though such companies invest millions in securing their applications, hackers can always exploit bugs to perpetrate scams or phishing attacks.
In such a scenario, users must protect their accounts with strong security features like two-factor authentication. ‘This sets up an additional level of security that will alert you if someone tries to log into your account without your knowledge and is usually extremely easy to configure and set up. Of course the usual advice of secure unique passwords will help to keep you safe but it won’t help you if your password is compromised, whereas two-factor authentication will,’ he said.
‘With telephone numbers and email addresses out in the wild, superstars and Z-list celebrities alike will need to be on their guard in the coming weeks as the attackers may just use those contact details for other nefarious purposes,’ warns Lee Munson, Security Researcher at Comparitech.com.
‘To be on the safe side, rich and famous Instagram users should probably change their login credentials anyway, remembering to make their passwords complex and unique to each online account they have. If their busy lives make remembering all those passwords too much of a challenge, a password manager would be the obvious answer,’ he added.