The bug, which appears to be related with Selena Gomez's Instagram hack, allowed hackers to scrape email addresses and contact information for millions of accounts, Instagram said today. (It has since been fixed.) While the company first said the hack was limited to holders of verified accounts, it said today that non-verified users had been affected as well.
Hours after the hack was disclosed, hackers established a searchable database named Doxagram allowing users to search for victims’ contact information for $10 per search. Instagram still will not say how many accounts were affected, other than that it is a “low percentage of Instagram accounts.” There are more than 700 million active Instagram accounts; hackers say they have information on file for 6 million users. Users’ passwords were not exposed in the hack, Instagram said.
As of 5:50 p.m. Friday, Doxagram was offline. It was unclear how or when it might come back. Instagram would not comment on whether it had sought to have the site shut down.
But even with the site shut down, contact information for dozens of celebrities now appears to be floating around on the dark web. A cybersecurity firm named RepKnight said it found what purported to be contact information for celebrities including:
- Actors: Emma Watson, Emilia Clarke, Zac Efron, Leonardo DiCaprio, Channing Tatum.
- Musicians: Harry Styles, Ellie Goulding, Victoria Beckham, Beyoncé, Lady Gaga and Rihanna, Taylor Swift, Katy Perry, Adele, Snoop Dogg, Britney Spears.
- Athletes: Floyd Mayweather, Zinedine Zidane, Neymar, David Beckham, Ronaldinho.
For celebrities and other high-profile users, the hack could mean having to change a phone number, email address, or both.