Instagram Hackers Now Are Selling Celebrities’ Personal Info On Dark Web

Information containing the email addresses and phone numbers of up to 500 high profile Instagram users (mostly A-listers) is being sold on the dark web by hackers. This is made possible through a bug in the social media giant’s code that basically allowed hackers to gain unauthorized access to an Instagram user’s credentials. Although Instagram has reported having since fixed the flaw, it is quite obvious that some damage has already been done.

The stolen information has been compiled and displayed by way of a searchable database, and interested parties can actually pay to browse the information (at $10 every query). According to security firm RepKnight, the hackers who are selling the information are known collectively as the Doxagram, whose name is inspired by the combination of Instagram and doxxing, a practice that involves exposing somebody’s personal data or files on the Internet. 

So far, Doxagram is reported to have offered private information about well known personalities like Leonardo DiCaprio, Emma Watson, Beyonce, Miley Cyrus, and Floyd Mayweather, just to name a few. The hacker group is also claiming that it has put up the personal information of up to 6 million Instagram users in the searchable database. A user on a bitcoin forum who also uses the name Doxagram is even advertising the service, adopting the business tagline of “the only Instagram lookup service on the market” and is also saying that the group can steal information on any Instagram account.

But wait -- is Instagram doing something about this? Actually, the social media platform has issued a statement recently, strongly suggesting that every Instagram user take utmost care in protecting their accounts, especially if they stumble into any suspicious activity. What examples of suspicious activities exactly? This may include incoming calls from unidentified phone numbers, or unexpected text or email messages. To report these incidents, users are encouraged to head to the menu of their profile and choose Report a Problem and then Spam or Abuse.

What is sad is that the hacked information are actually selling. A person representing Doxagram has reportedly contacted Ars Technica and revealed that it had earned $500 six hours before the searchable database was discovered.

Although it was reported earlier this week that the main target was celebrity Instagram users, but the social media company has since ascertained that some low profile accounts have also been compromised. Instagram maintains that passwords were not stolen, but the leaked personal information can still be used by hackers for purposes of phishing and privacy invasion activities.