Yet another popular web site with millions of users and brimming with security has fallen victim to hackers.
Instagram – owned by online giant Facebook – has admitted ‘sensitive information’ from millions of accounts, including A-list Hollywood celebrities was stolen when the hackers struck.
The site has refused to say what information is at risk of exploitation, but the data is thought to include phone numbers and emails of at least the top 50 Instagram accounts plus many more.
Instagram has played down the security breach, confessing that a ‘low percentage’ were compromised.
The victims are believed to include Hollywood actor Leonardo DiCaprio and world champion boxer Floyd Mayweather.
Some sources say celebrity contact details and passwords are for sale on the Dark Web.
Software bug exploited
A software bug allowed the hackers access to the Instagram system.
Instagram’s Mike Krieger said that, “we quickly fixed the bug, and have been working with law enforcement on the matter.”
“Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.
“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognised incoming calls, texts, or emails.
“Protecting the community has been important at Instagram from day one, and we’re constantly working to make Instagram a safer place. We are very sorry this happened.”
711m email account details stolen
Instagram users who access other secure accounts with the same name and password are advised to change them.
The hack follows another much bigger security breach that alleges a Dutch cybercriminal has harvested 711 million usernames and passwords to email accounts.
The number of accounts is greater than the population of the entire European Union.
The data includes email server credentials and allows cybercriminals to bypass anti-spam software to monitor when emails are opened.
The spyware is a single pixel image embedded in a spam email that activates when open to tell the hacker the user’s IP address, location and confirms their email address is active.
Web users can find out if their email has been hacked on the Have I Been Pwned web site.