Hackers exploit Instagram bug to access phone numbers, email addresses of high profile accounts

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Instagram on Wednesday said one or more hackers accessed email address and phone number information associated with certain high profile accounts using a previously unknown API "bug," but notes the flaw has since been patched.

In a statement sent out to various media publications, Instagram notes no password data was exposed as part of the hack. The exploit took advantage of a flaw in Instagram's API that is used to facilitate app-to-app communications, reports The Verge.

"We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information — specifically email address and phone number — by exploiting a bug in an Instagram API," the company said. "No account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation."

The Facebook-owned photo sharing firm declined to say how many accounts were affected by the breach.

As a result of the hack, Instagram notified all verified users of the potential information leak, urging caution when receiving phone calls, text messages or emails from unknown sources. In combination with social engineering techniques like spearphishing, the data exposed could be used to gain access user account access.

While not confirmed by Instagram, The Verge posits the security breach could be related to Monday's hack of Selena Gomez's Instagram page. Gomez, who owns the most popular individual account on the service with 125 million followers, was targeted by a nefarious user who took over her page and posted nude photos of ex-boyfriend Justin Bieber. Instagram helped Gomez restore access to her account later that day.