Hackers Exploit Instagram API Flaw to Steal Information from Verified Users
High-profile users of the popular social media platform Instagram were alerted in late August after the company discovered that hackers had gained access to specific users’ contact information. Instagram confirmed that the hackers managed to obtain email addresses and phone numbers of some prominent users by exploiting a bug in the app’s API. On August 31, it was reported that the hackers had collected the stolen information and created a searchable database dubbed “Doxagram”. Currently, they are charging US$10 per search.
In response to the API exploit, Instagram did not confirm how many or which specific accounts were affected. According to reports, only high-profile users were targeted. It is possible that the hackers wanted to abuse the channels with the most followers for some kind of stunt—just this past week we’ve already seen one such hack. In a statement, the company emphasized that “no account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation.”
Although Instagram maintains that user passwords were not compromised, this doesn’t negate the severity of the hack. Email addresses and phone numbers are used as login credentials and backups for many different accounts—and not just on social media platforms. It is entirely possible for an attacker to hijack someone’s phone and access shopping profiles or even banking accounts linked to that number. The fact that most online accounts are accessed and even verified through mobile devices makes phone numbers quite valuable.
As more attackers target online accounts, users have to be aware of the security measures available to them. Some tips for managing your online accounts:
Users and enterprises can benefit from mobile security solutions such as Trend Micro™ Mobile Security for Android™ (available on Google Play) and Trend Micro™ Mobile Security for iOS™. Trend Micro™ Mobile Security for Enterprise provides businesses with device, compliance, and application management, data protection, and configuration provisioning. It also protects devices from attacks that leverage vulnerabilities, prevents unauthorized access to apps, and detects and blocks malware and fraudulent websites.
Updated: September 3, 2017 11:30 PM
Article was updated with news regarding "Doxagram"