14 DAY TRIAL // Instagram has confirmed that a security bug in the service allowed hackers to access and steal private information of high-profile users with verified accounts, including phone numbers.
While no specifics were provided on the bug itself, Instagram said in a statement for TIME that exploiting the bug allowed hackers to access personal information of users, including the email addressed they configured with the service and phone numbers that were used for two-factor authentication.
Instagram confirms that at least one hacker who discovered the bug used it to breach accounts and reach the personal information of high-profile users, but no specifics were provided as to who was targeted by the hack.
“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information — specifically email address and phone number — by exploiting a bug in an Instagram API,” Instagram was quoted as saying.
No passwords stolen
At the same time, Instagram claims that no other details were stolen and no passwords were compromised, revealing that it has already contacted the accounts that might have been impacted following the breach to take additional security measures.
“As always, we encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails,” Instagram said.
The Instagram accounts of several celebrities got hacked lately, including the one belonging to singer Selena Gomez, who currently owns the most popular account on the service with more than 125 million followers. Following the breach, the hacker who gained access to the account posted nude photos of Justin Bieber, the singer Gomez was dating a couple of years ago.
There’s little chance, however, for the hack to be linked with the bug that Instagram acknowledged, as the information that attackers would have obtained by exploiting the said issue in the Instagram API couldn’t provide access to the account itself.