The details of vulnerability were not disclosed, but it was announced that the problem allowed cyber criminals to access contact phone numbers and email addresses for high-profile users.
Then representatives of the service assured that the Instagram API bug was promptly eliminated, and not reported the exact number of victims, only stated that the small numbers of users suffered. Later Instagram announced that passwords and other sensitive data were not compromised, and hackers attacked mostly celebrity accounts. However, it was reported that all verified users were notified of the problem and possible data leakage.
As it turned out now, due to the bug problem in the API, hackers attacked not only celebrities accounts. The cyber criminals have launched website Doxagram, which allows to find out the contact details of a particular user just for $10 per search and reported that their database contains information of six million accounts. In evidence hackers provided to The Daily Beast a list of 1,000 alleged Instagram accounts, including top 50 most popular accounts.
At this moment, the website has already shut down (it is possible that hackers change their domains too quickly or maybe move their service to the DarkWeb), but the security researchers managed to find information about famous actors, musicians, politicians, athletes in the Doxagram database.
The Instagram published an official blog post, according to the investigation of the incident continues, and they are working with law enforcement on the matter. Additionally, the Co-Founder & CTO of the social network Mike Krieger acknowledged that the exact number of affected accounts could not be determined even by the developers themselves, but they believe it was a low percentage of user’s accounts.