Instagram says at least one hacker was able to steal personal information from high-profile user accounts, blaming the breach on a bug in its system that has now been fixed.
“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information – specifically email address and phone number – by exploiting a bug in an Instagram API,” a spokesperson said in a statement.
Instagram said no account passwords were exposed, and that it has corrected the bug that allowed the information to be stolen.
The glitch in Instagram’s programming interface made it possible for someone to obtain a set of code that possibly contained email addresses and phone numbers of targeted user accounts.
The Facebook-owned service said it believes the hack was aimed at “high-profile users” and that it has notified verified account holders of the issue. An Instagram spokesperson declined to disclose which accounts may have been compromised.
“Our main concern is for the safety and security of our community,” Instagram said. “As always, we encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognised incoming calls, texts and emails.”
Instagram’s disclosure of the breach comes two days after the account of Selena Gomez – the most popular celebrity on the service with 125 million followers – was hacked, resulting in several nude photos of Justin Bieber being posted to her account. Instagram helped Gomez re-secure and restore the account after it was briefly taken down.
On its help site, Instagram’s security tips for keeping accounts safe include using a strong password, changing the password regularly, and using two-factor authentication (which requires entry of a code sent via text message to verify a user’s identity) for additional account security.