Social media is a wonderful thing. It allows us to instantly connect with an audience of hundreds of millions of people. But it also means that when a bug shows up, it potentially affects hundreds of millions of people, too. And that appears to be what’s happened with a recent issue on Instagram.
Last week, The Verge reported that hackers exploited a bug on Instagram to get the private phone numbers and email addresses of a number of celebrities. Now they say the hack affects millions of Instagram users. And that their private data is now up for sale. Instagram have fixed the bug, but one can’t undo what’s been done.
The bug essentially allowed somebody to access an account’s email address and phone number, even if they were not public. Instagram stress that no passwords or other Instagram activity was seen. Although Instagram say that the bug has now been fixed, bots can work very quickly. All it takes is a few lines of code to set up a script to pull down massive quantities of data in a small amount of time.
We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.
We quickly fixed the bug, and have been working with law enforcement on the matter. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.
Mike Krieger, Instagram Co-Founder & CTO
Of course, Instagram has over 700 million active accounts. Even 1% is more than 7 million users. And typically “low percentage” describes more than 1%.
A group even launched a website, making a public searchable database containing some of the celebrities’ private information. The site called “Doxagram” has since been taken down. Instagram have not stated whether or not they had any involvement in that. Strangely, though, given who owns Instagram, Doxagram’s Facebook page still exists. Although it hasn’t gained much traction.
Although the site has been shut down, the data is obviously still out there. It’s entirely possible that it went down because somebody has bought all the data in one large chunk. It’s no wonder that so many people are wary of social media.
I suppose the moral of the story is to register accounts on social media with information you can afford to have go public. Even if you think it’ll be private.