High-profile users of the popular social media platform Instagram were alerted in late August after the company discovered that hackers had gained access to specific users’ contact information. Instagram confirmed that the hackers managed to obtain email addresses and phone numbers of some prominent users by exploiting a bug in the app’s API. On August 31, it was reported that the hackers had collected the stolen information and created a searchable database dubbed “Doxagram”. Currently, they are charging US $10 per search.
Instagram did not confirm how many accounts, or which specific accounts, were affected by the API exploit. According to reports, only high-profile users were targeted. It is possible that the hackers wanted to abuse the channels with the most followers for some kind of stunt; just this past week we’ve already seen one such hack. In a statement, the company emphasized that “no account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation.”
Although Instagram maintains that user passwords were not compromised, this doesn’t negate the severity of the hack. Email addresses and phone numbers are used as login credentials and backups for many different accounts—and not just on social media platforms. It is entirely possible for an attacker to hijack someone’s phone and access shopping profiles or even banking accounts linked to that number. The fact that most online accounts are accessed and even verified through mobile devices makes phone numbers quite valuable.
Best Practices and Solutions
As more attackers target online accounts, users have to be aware of the security measures available to them. Some tips for managing your online accounts:
Limit the amount of personal information on your accounts, so that the damage is somewhat limited in a worst-case scenario.
Stay updated! Make sure you have the latest version of your apps installed so that you have the most current security measures from the vendor.
Most platforms are already equipped with two-factor authentication (2FA), so make sure to enable it on all your online accounts.
Avoid reusing your password.
Monitor news and digital platforms for the latest reports of compromises and hacks.
Install a multilayered security solution on your mobile device.