Early last week, the Instagram account of singer and actress Selena Gomez was compromised by hackers who posted nude photos of her ex-boyfriend, Justin Bieber, on her feed. The account was temporarily taken down, the photos were deleted and Gomez regained control of her account, but the hack appears to have been the tip of the iceberg. Two days after Gomez’s account was hacked, The Verge reported that a bug had been discovered which allowed hackers to access phone numbers and email addresses of Instagram users.
Instagram published a note on its website last Friday revealing that the bug had been fixed and that only “a low percentage of Instagram accounts” had been affected. A report from The Daily Beast suggests otherwise.
Before the bug was fixed, a group of hackers reportedly stole a massive amount of data which they used to launch a searchable database of Instagram users called ‘Doxagram.’ One of the hackers got in touch with The Daily Beast to show the publication a sample of the data it had collected. The list it provided allegedly featured the email addresses and phone numbers of 1,000 Instagram accounts, many of which belonged to high-profile celebrities and politicians (and several of which The Daily Beast was able to verify).
The hackers say that the scraper they set up to exploit the bug initially targeted only Instagram users with over 1 million followers, but eventually moved on to lesser-followed users as well. In all, the hackers claim that they collected user data from over 6 million accounts, which is a relatively “low percentage” of the 700 million+ monthly active users, but still a staggering number of hacked accounts.
Cybersecurity firm RepKnight tells The Verge that some of the high-profile accounts featured in the hack include actors Emma Watson, Leonardo DiCaprio and Channing Tatum; musicians Beyoncé, Lady Gaga and Taylor Swift; and athletes Floyd Mayweather, Zinedine Zidane and David Beckham.
Doxagram was offline as of late Friday, but provided this Twitter account is a legitimate source, the site appears to have been restored as of Monday morning. The hackers are charging $10 per search.