Hackers selling Instagram users phone and e-mail details for $10
After Selena's Hack, Millions of more accounts may be hit
A seller on the darknet was able to harvest the email addresses and phone numbers of up to 500 celebrities by way of a bug in the popular photo-focused social network. The flaw let hackers steal a user’s credentials  and was patched after researchers with Kaspersky Lab warned Instagram on Tuesday.
At first glance, the Instagram security bug that was exploited to obtain celebrities’ phone numbers and e-mail addresses appeared to be limited, possibly to a small number of celebrity accounts. Now a database of 10,000 credentials published online Thursday night suggests the breach is much bigger.
Hours after the hack was disclosed, hackers established a searchable database named Doxagram allowing users to search for victims’ contact information for $10 per search. The hacker provided a list of 1,000 accounts they said were available for searching on Doxagram to the Daily Beast.
Instagram admitted the security bug in a letter today, though it downplayed how many users had been affected.
“Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts,” wrote Instagram CTO Mike Krieger.
However, Doxagram, the site selling the information via the hackers, appears to be down.
Regardless of whether the site selling the information is gone for good, the hackers still have direct contact information for several high-profile accounts and may still be selling in some other way.