What’s shady, possibly wearing a hoodie, and is currently sitting on the stolen personal information of an untold number of high-profile Instagram users?
That would be — SURPRISE! — a random hacker. Or several of them.
“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information — specifically email address and phone number — by exploiting a bug in an Instagram API,” an Instagram spokesperson told Mashable via email. “No account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation.”
Instagram isn’t saying much more than that, and declined to provide details like just how many accounts were targeted and who specifically may have fallen victim. However, the fact that the company is notifying every single verified user of the breach suggests the number is high. Overall, the service boasts more than 700 million monthly active users.
Instagram got hacked, and they just sent this e-mail to me. Just fantastic… my cell phone number compromised. #instagramhack pic.twitter.com/OkFzFP1pIw
— Gregory Michael (@GregoryMichael) August 30, 2017
“At this point we believe this effort was targeted at high-profile users so, out of an abundance of caution, we are notifying our verified account holders of this issue,” the Instagram spokesperson explained.
And just how many verified users are there? When asked, the spokesperson declined to comment. The spokesperson did confirm, however, that the company is aware of one specific person who had breached the system — so at least there’s that.
Notably, news of this hack comes on the heels of an embarrassing moment for the company. Selena Gomez, who with 125 million followers has one of the most popular accounts on Instagram, had her account hacked just a few days ago. Whoever took control of that account used the opportunity to post nude pics of Justin Bieber, so you know this is some serious shit.
SELENA’S INSTAGRAM GOT HACKED IM LAUGHING pic.twitter.com/irTVVa9B2k
— fatima (@heardtroye) August 28, 2017
And while all the non-verified account holders can, for now, breathe a sigh of relief that they apparently weren’t targeted this time around, they shouldn’t mistake that luck for security. Rather, they should take this as an opportunity to enable two-factor authentication and make sure they have a unique password for each online account.
Oh, and while they’re at it, maybe cross their fingers and hope that Instagram doesn’t again fall prey to a solitary hacker with an apparent grudge against the verifieds of the social media world.