Instagram Security Bug Exploited By Hackers To Reveal Private Data

Experts warned that a bug in the popular Instagram social network has led to a privacy intrusion into celebrities’ personal data along with that of ordinary users. The incident was reported after a series of leaks and criminal activity that took place over the past few weeks.

Instagram Security Bug Caused Concerns for Celebrities

Instagram became a hot trend a few days ago as a new series of Instagram posts made by hackers went public. One of the main incidents related to this topic is the famed Justin Bieber nude leak. A private photo of the celebrity was posted on the official profile of Selena Gomez. Even though the social media administrators were quick to remove the post, it quickly went viral among Internet users worldwide. According to security experts the most likely cause is a hack through the service’s API. The Justin Bieber leak is merely the most famous example that became popular on the Internet.

Last week the service announced that they had fixed an issue that allowed criminals to extract information about the phone numbers and email addresses of registered users. However, this has also impacted some of the high-profile members of the community, including celebrities. The hackers have also supplied the media with a list of about a thousand famous artists, sports stars and media celebrities. They claim that they have a full collection of data on them. We remind our readers that the famous “The Fappening” and “Celebgate” leaks that occurred over the past few years were the result of phishing and social engineering attacks carried out by criminal groups. It looks like this time the hackers have directly exploited a bug in the service. Fortunately it has been quickly fixed by Instagram’s security team.

As a result of the incident, the information is now on sale on the hacker underground markets. The price is set at $10 per query. Some of the names listed include: Miley Cyrus, Emma Watson, Beyonce and Leonardo DiCaprio.

Consequences of the Instagram Security Incident

The group behind the Instagram hack is called “Doxagram”, a name that appears to be made up of “Instagram” and the term “doxxing”, which refers to posting private data online. The searchable database has been linked in various posts and the account administrator is advertising the paid service as “the only Instagram lookup service on the market”. A few days later an anonymous person claiming to be part of the group, or the hacker themselves, claimed that they had made $500 within six hours of posting the ad on the marketplaces. The media reported that one of the people who have been tracking the incidents verified that the database was real by testing it with test accounts. The results show that the criminals are not using data from other leaks and may have harvested the information by themselves.

It is very possible that such attacks will occur in the future as well. Social networks and image sharing apps like Instagram are among the most popular targets for hackers, as they are used by millions of people worldwide. Marketing teams worldwide generate huge profits for their clients and celebrities have used the app extensively in holding private conversations.

Instagram Verification Profiles Abuse Detected

Another Instagram-related criminal campaign has been identified. It appears that there is a well-developed black market for buying the “Verified” status for profiles. This makes it possible for scammers and hackers to set up profiles that pose as legitimate users or companies by setting up their own accounts and paying the “middle man” for the service. According to the terms and conditions the verified status cannot be bought or earned through a set procedure. The “Verified” status is presented as a symbol of trust that is bestowed upon the accounts by the service’s team.

One of the “traders” reveals that the prices depend on the target account ‒ the fee can be anywhere between $1500 and $7500. The process is described as follows:

  1. The service is advertised by the traders via private messages on various platforms. This can include Instagram direct messages, Twitter, or Internet chats and forums.
  2. When a prospective buyer is found, a negotiation for the fee is carried out. Once the two parties settle on a mutually agreed price, the trader passes on the profile account name to other traders or directly to the responsible parties from Instagram’s team.
  3. The buyer, trader and other profiles submit forms to the service to avoid suspicion.
  4. An Instagram team member who works in connection with the criminals adjusts the necessary settings in order to make the profile appear with the verified status.

Another trader lists the following account verification prices: $1500 for Facebook, $2500 for Twitter and $6000 for Instagram. The process takes anywhere between 2 and 6 weeks and a “money-back guarantee” is promised. The transactions are usually made using private transfers or alternative cryptocurrencies.

The reason why the prices are the highest for Instagram is that it has one of the strictest procedures. Verification is not made on request but through special forms that are not accessible to everyone. Usually big companies, corporations, media and entertainers have access to the special portal where such requests are made. A profile holder with the status of “Influencer” can initiate the procedure. The list of requested items includes the user’s real name, identity documents and the name of a contact working at Facebook or Instagram.

All of this reveals that Instagram and other social services can be used to extract sensitive information, commit identity theft or even blackmail victims.

Note: It is possible to get infected with dangerous malware, Trojans and other types of computer viruses that can lead to data abuse. This is the reason why we recommend that all users use a quality anti-spyware solution to protect themselves. If any active infections are found they can be deleted with a few mouse clicks.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
