Instagram breach results in up to 6 million users' phones and email addresses being sold for 10 bucks a pop


If you've been on the internet in the past, say, five years or so, you've undoubtedly at some point been the target of a request to enable two-factor authentication for some online service. And while giving away your phone number to a random corporation doesn't sound like the best idea ever, this is one of the best ways to protect your accounts against unauthorized third parties.

But it seems that even a huge tech giant like Facebook has a bit of trouble with not just giving away users' private info — a report from Variety has just highlighted how hackers have been exploiting Instagram's password recovery to steal and sell off users' private information, including email addresses and — if they had 2FA enabled — their phone numbers.

But while high-profile hacks are a dime a dozen these days, what's staggering here is how easily the information was obtained: in essence, sending a password reset request from an old version of the Instagram app resulted in a response containing an account's private data (sans password, thankfully).

Instagram claims to have already patched the bug, and has also notified all holders of verified accounts (celebrities were initially thought to be the primary target of the attack). Not that this would be of any help against a leaked phone number, of course.

However, the number of affected accounts seems to be quite a bit larger than initially claimed: Ars Technica reports that they were contacted by the owner of a website selling access to a searchable database of 6 million breached Instagram accounts. To prove that, they sent a "sample" containing 10,000 accounts, which Ars claims to be legitimate. The kicker? The website is publicly available, and can be accessed for $10 per search.

The latest official Instagram user count says there are about 700 million registered accounts, so the chances of your account being a part of this alleged 6 million figure are about 0.56%. So this is a pretty tiny hack when compared with 2013's Adobe breach (150 million accounts), or the two Yahoo hacks from last year (1.5 billion). Regardless, it's advisable to check up on Have I been pwned? every once in a while just to be on the safe side.


24 Comments

1. lyndon420

Posts: 6790; Member since: Jul 11, 2012

Yup...just another reason why I gave up on all social media awhile back. Besides...PA provides more than enough drama in their comment sections lol.

2. trojan_horse

Posts: 5868; Member since: May 06, 2016

Really! The comments section is what keeps me coming back here... It's so much fun.

4. TeriusRose

Posts: 108; Member since: May 12, 2017

Sometimes. But the random hostility, faux outrage, and endless stream of complaints whenever an Apple or Samsung story is posted does get a bit tiring after a while. Or sometimes, people finding reasons to be upset about subjects that aren't even remotely connected to the article they're posting on.... somehow. But, it can still be fun. That, and people *really* don't like it whenever a reviewer doesn't agree with their personal opinion of a phone... Which I kind of get.

5. trojan_horse

Posts: 5868; Member since: May 06, 2016

Yeah, you've got a point, there. How you been doing, man? It's been quite a while.

6. TeriusRose

Posts: 108; Member since: May 12, 2017

It definitely has been, and I've been alright. Thanks for asking! I haven't really been on this site much this past year since I've been focusing so much on growing my businesses and some other things related to creative projects I'm working on... but, things are beginning to go in the direction I want and a fantastic opportunity kind of fell in my lap. How have you been? What's new with you my dude?

8. Podrick

Posts: 1285; Member since: Aug 19, 2015

What happened to your original account?

9. trojan_horse

Posts: 5868; Member since: May 06, 2016

Hey Podrick, he deactivated his original account because his account was affected by a PA glitch which randomly blocked many accounts here. But then, he didn't realize he could have gotten his account back when the glitch gets fixed, so he deactivated it to create this one. The accounts and comments section glitch on this site caused a real chaos.

11. Podrick

Posts: 1285; Member since: Aug 19, 2015

I see. My account was randomly banned too by the PA glitch. Almost created a new one but the next day, account worked just fine.

10. trojan_horse

Posts: 5868; Member since: May 06, 2016

"How have you been? What's new with you my dude?" Yo, the Note 8 is new on my pre-order list. As well as a new 2017 Corvette Z06 which I bought for my eldest son. Life has been well with me man... Cheers!

16. TeriusRose

Posts: 108; Member since: May 12, 2017

Damn, that is one hell of a gift and I'm sure he's absolutely in love with it already. I'm glad to hear that! Too much of life is spent struggling to reach those moments of peace and satisfaction. I hope your time on that sliver of paradise is a long one my friend. Really :-)

17. trojan_horse

Posts: 5868; Member since: May 06, 2016

It was a gift for his 24th birthday. The guy went berserk when he saw it. "Too much of life is spent struggling to reach those moments of peace and satisfaction" I hope you find that satisfaction real quick. Life is short, brah. :)))

20. lyndon420

Posts: 6790; Member since: Jul 11, 2012

An age restriction would be nice.

22. L0n3n1nja

Posts: 1557; Member since: Jul 12, 2016

It really is, these comments are entertaining with the trolls, and the idiots who shout opinion as fact and act like they are never wrong, the childish insults, etc. It's kind of like being in high school, I suspect many commenters on here are kids, or we're a bunch of immature adults. Either way, grab some popcorn and have a good time scrolling phonearena comments. Lol

3. TeriusRose

Posts: 108; Member since: May 12, 2017

Might be safer to get off the Internet altogether, burn all your electronics and go back to physical mail. I'm sure there are at least a couple people in the world who have gone to that lake.

14. JasontheVeteran

Posts: 51; Member since: Jun 05, 2017

Says the doofus posting on the internet. lol

15. TeriusRose

Posts: 108; Member since: May 12, 2017

Yes, your powers of observation are astounding.

19. Spyro

Posts: 334; Member since: Mar 29, 2017

Only doofus here is the guy who doesn't understand "sarcasm".

21. lyndon420

Posts: 6790; Member since: Jul 11, 2012

That's taking it to the extreme. Simple texting and actual phone calls are fine.

7. zeppo

Posts: 200; Member since: Jul 21, 2015

I'm old school so a desktop browser with ublock is much better than those mobile apps with all permissions that can access your phone number, camera, recording, gps... really? So creepy! Not to mention annoying ads.

13. JasontheVeteran

Posts: 51; Member since: Jun 05, 2017

I'm guessing you're rocking a flip phone from the early 2000's or a brick phone by Motorola. lol

12. JasontheVeteran

Posts: 51; Member since: Jun 05, 2017

Thank You Mark. You love your privacy, but you hate others having such privacy. He is ruthless and disgusting.

18. Spyro

Posts: 334; Member since: Mar 29, 2017

He still donated to charity more than you would for the rest of your life. Also, you already sold your privacy the moment you opened your browser. Bummer.......

23. L0n3n1nja

Posts: 1557; Member since: Jul 12, 2016

Simply having a cell phone or home internet destroys your privacy. Everywhere we go, everything we do, is traceable now.

24. someguy226

Posts: 9; Member since: Mar 28, 2015

Wow he donated money that he earned, supposedly stealing his friend's idea, and most likely with heavy government backing to create the biggest data collection site. It's not a coincidence that Facebook is so big. They can channel traffic to their sites. And the charities are usually just a front for money laundering. Wow he is so great. I think spyro is on Facebook's PR payroll.
