Instagram has suffered a massive data breach, and more than 6million personal data of celebrities have now been put online on doxagram.ws and also for sale. There was a critical API vulnerability that allowed the hackers access the email address and phone numbers of high profiled celebrities.
At the time of this writing, Instagram has now patched the vulnerability, but not before profile of politicians, media companies, sports stars have been stolen and then put on sale on Doxagram.
The hacker has now started sale for lookup of the information for $10/account. According to a security researcher from Kaspersky who also reported the vulnerability, the issue was from the Instagram mobile API, in the reset password option.
The reset password option exposes the email and phone number of the users in JSON response, but not the passwords.
Instagram did not confirm if the hacker claim is true, but said it will be investigating the data breach, and have also warned its users to be cautious of suspicious or unrecognised email, phone call or text messages.