Massive Data Breach Exposes Millions of Instagram Accounts
In a significant cybersecurity incident, Instagram has confirmed a data breach that has compromised the personal information of over six million users. This breach reportedly involves a wide range of accounts, including those of public figures such as politicians, athletes, and media personalities. The breach is currently attributed to an unidentified hacker who has amassed the sensitive data and is now offering it for sale on a platform known as Doxagram.
The breach comes on the heels of Instagram’s recent efforts to address a critical API vulnerability. Just one day prior, reports emerged that Instagram had patched a flaw that allowed attackers to access the email addresses and phone numbers of verified accounts through the app’s mobile API, specifically within the password reset function. This vulnerability appears to have facilitated the large-scale data theft.
Details of the breach indicate that the attacker has established Doxagram as a lookup service for stolen account information, charging $10 per account for access to the sensitive data. Such incidents raise critical questions around data security, particularly for verified accounts that may house significant personal and professional information.
A security expert from Kaspersky Labs, who previously flagged the vulnerability to Instagram, explained that the issue stemmed from an exposed JSON response that revealed users’ mobile numbers and email addresses without disclosing their passwords. While Instagram has yet to confirm the hacker’s claims or the identity of those behind this breach, the company is actively conducting an investigation into the matter.
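The class of flaw described above, a password-reset reply whose JSON carries the account's stored email address and phone number, can be shown next to a hardened form that returns only masked hints. This is an added example, not Instagram's code: the field names, the account record, and every function name are assumptions made for illustration.

```python
import json
import re

# Constructed account record; every value here is made up for the example.
ACCOUNT = {"username": "example_user",
           "email": "jane.doe@example.com",
           "phone": "+15551234567"}

def mask_email(email):
    """Keep the first character of the local part and the domain."""
    local, _, domain = email.partition("@")
    return local[:1] + "*" * max(len(local) - 1, 1) + "@" + domain

def mask_phone(phone):
    """Keep only the last two digits of the number."""
    digits = re.sub(r"\D", "", phone)
    return "*" * max(len(digits) - 2, 0) + digits[-2:]

def reset_response_leaky(account):
    """'Before' shape (hypothetical): the reply serializes stored contact fields."""
    return json.dumps({"status": "ok",
                       "email": account["email"],
                       "phone": account["phone"]})

def reset_response_hardened(account):
    """'After' shape (hypothetical): the reply carries masked hints only."""
    return json.dumps({"status": "ok",
                       "email_hint": mask_email(account["email"]),
                       "phone_hint": mask_phone(account["phone"])})

def leaked_fields(account, response_body):
    """Regression check: list stored contact values found verbatim in a reply."""
    leaked = []
    if account["email"].lower() in response_body.lower():
        leaked.append("email")
    # Compare digits only so formatting differences do not hide a leak.
    phone_digits = re.sub(r"\D", "", account["phone"])
    if phone_digits in re.sub(r"[^\d]", "", response_body):
        leaked.append("phone")
    return leaked

if __name__ == "__main__":
    for build in (reset_response_leaky, reset_response_hardened):
        body = build(ACCOUNT)
        print(build.__name__, "->", body, "leaks:", leaked_fields(ACCOUNT, body))
```

A check like `leaked_fields` fits in an API test suite, run against every unauthenticated endpoint's reply for a seeded test account.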
This incident follows another alarming event in which the Instagram account of Selena Gomez, the platform’s most-followed user with over 125 million followers, was hacked. Content posted included unauthorized explicit images, although the connection between this recent data breach and Gomez’s account has not been substantiated by Instagram.
In light of these security concerns, Instagram has advised all verified users to remain vigilant, sending out notifications to encourage caution against potential phishing attempts involving unsolicited calls, texts, or emails. With both email addresses and phone numbers exposed, there is a heightened risk that adversarial actors could employ social engineering tactics to access verified accounts, potentially leading to further social and reputational damage.
To bolster security, users are urged to enable two-factor authentication and adopt strong, unique passwords for their accounts. Additionally, individuals should exercise caution against clicking on dubious links or sharing personal information without verifying the source.
From a tactical perspective, the adversary may have utilized initial access techniques to exploit Instagram’s API. Following this, persistence could have been established through the compromised accounts, allowing the attacker to maintain access and control over the acquired data. The scenarios described align with various MITRE ATT&CK tactics and techniques, particularly in the realms of account manipulation and credential dumping, thereby illustrating the complex landscape of today’s cyber threats.
As the investigation continues, the incident serves as a sobering reminder of the evolving nature of cyber threats, emphasizing the need for stringent data protection measures and ongoing vigilance to safeguard against future breaches.