Instagram Hackers Selling 6 Million Victims’ Phone Numbers

Instagram (Carl Court / Getty)

The size of the Instagram hack reached over 6 million users, as hackers are doing a brisk business charging $10 per individual for contact information on a searchable database.

There are numerous hackers on the dark web that advertise they will guess passwords to access social media accounts for profit. The most common paid hack is to uncover infidelity by accessing devices and then downloading GPS location tracking, call log retrieval, SMS, keylogging, calendar monitoring and email spying.

But this week, cyber-thieves exploited a bug in an application program interface (API) that allowed hackers to upload some portion of the 700 million individual Instagram accounts. Data extracted included phone numbers and email addresses from “verified accounts,” which usually means celebrities. No passwords appear to have been uploaded, yet.

Instagram, the Snapchat (OTC:SNAP) knock-off owned by Facebook (NYSE:FB), tried to reassure users after a hack of Selena Gomez’s Instagram account resulted in access to nude photos of her ex-boyfriend, Justin Bieber. The company claimed that hack was a limited intrusion and that its security team had returned control of the account to the 2016 American Music Awards multi-winner.

According to the Verge, Instagram initially stated the hack was limited to a few celebrities, including actors Emma Watson, Emilia Clarke, Zac Efron, Leonardo DiCaprio, and Channing Tatum; musicians Harry Styles, Ellie Goulding, Victoria Beckham, Beyoncé, Lady Gaga, Rihanna, Taylor Swift, Katy Perry, Adele, Snoop Dogg, and Britney Spears; and athletes Floyd Mayweather, Zinedine Zidane, Neymar, David Beckham, and Ronaldinho.

But on September 1, the hackers provided a list of 1,000 Instagram verified accounts, including the 50 most followed, to the Daily Beast. The hackers stated they were offering millions of other users’ contact information for $10 apiece on a website called “Doxagram.”

Facebook/Instagram has been forced to acknowledge that the hack displaying user contact information covered at least 6 million accounts, and that the company is working with law enforcement to stop further intrusions. Doxagram was offline on September 2.

CTO and co-founder Mike Krieger acknowledged on Instagram’s blog that the company could not be sure how many users’ accounts had been compromised, but hoped it was a low percentage. He warned: “We encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails.” He also apologized that the hack had happened.

The timing of the Instagram hack is a potential financial disaster for Facebook, because it comes less than a month after the one-year-old “Instagram Stories” vaulted to 250 million users, versus Snapchat’s 166 million users, according to TechCrunch.

With advertisers most interested in eyeballs over time, Instagram’s average under-25 usage of 32 minutes a day and its over-25 average of 24 minutes a day compare favorably to Snapchat’s 30 minutes a day for under-25s and 20 minutes a day for over-25s. Both are far ahead of Facebook’s usage of only 20 minutes per day (and falling).
