“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information – specifically email address and phone number — by exploiting a bug in an Instagram API,” a rep said in a statement.
Instagram said no account passwords were exposed, and that it has corrected the bug that allowed the information to be stolen. The glitch in Instagram’s application programming interface made it possible for someone to obtain a set of code that possibly contained email addresses and phone numbers of targeted user accounts.
The Facebook-owned service said it believes the hack was aimed at “high-profile users” and that it has notified verified account holders of the issue. An Instagram rep declined to disclose which accounts may have been compromised.
On its help site, Instagram’s security tips for keeping accounts safe include using a strong password, changing the password regularly, and using two-factor authentication (which requires entry of a code sent via text message to verify a user’s identity) for additional account security.
