Despite social media platform, Instagram’s alerting verified users last week that it had fixed a security flaw that could give hackers access to their personal information, there are concerns that the bug was exploited before Instagram’s fix, which affected more than the most high-profile accounts.
Hackers are selling email and phone number data allegedly belonging to Instagram accounts that they say they scraped before the flaw was fixed, some concerned persons have said.
Last Friday, Mike Krieger, Instagram CTO, published a blog post alerting all users to the security flaw.
“Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts. We want to reiterate that no passwords were exposed in this issue,” the company said in a statement.
A spokesperson told CNN Tech they are aware individuals are trying to sell the information, and the company is working with law enforcement.
Specifically, people can look for usernames on a searchable database and buy personalized data for $10 each. The website can’t be accessed by traditional web browsers.
A manager of the database told CNN Tech that “we have a variety of high profile accounts, normal accounts, and very high profile celebrities.”
The hackers claim to have personal information associated with over six million accounts. The manager of the database said he heard about the Instagram vulnerability on a private chat room, and accessed the data on August 25.
According to CNN Tech, Facebook, which owns Instagram, declined to comment on Friday.
Earlier last week, reports had it that entertainer Selena Gomez’s Instagram account was hacked and old photos of ex-boyfriend Justin Bieber were posted to her account.
Hackers can use phone numbers and emails to find out a lot about a person. For example, an attacker could take over a phone by hijacking its SIM card and gain access to accounts associated with the phone number.