High-profile hacks are not new, especially not for a service as big as Instagram. Two days ago, a hack led to the account of the most followed celebrity on the network, Selena Gomez, to post naked pictures of Justin Bieber. Now, the Facebook-owned company has confirmed that contact information, specifically email addresses and phone numbers, from several "high-profile" accounts have been stolen from the service due to an API bug.
While the glitch has been fixed, it was not before the attackers were able to bend the bug to their will in order to procure the information of the targeted accounts. Instagram maintains that no passwords were exposed and that all the verified accounts have been notified regardless of whether or not they were affected by the breach.
An Instagram representative said in a statement:
“Our main concern is for the safety and security of our community. As always, we encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails.”
In order to better secure your account, the social network, with a user base of over 700 million, has a two-factor authentication (2FA) method to help increase the security of your profile. However, given that the vector for this attack was via an API, the activation of two-factor authentication may not have necessarily prevented victims from having their personal information stolen in the first instance.