Instagram is alerting high-profile users that someone could have accessed their phone number and email address through a bug in its software.
In an email sent to verified users on Wednesday, Instagram said that no account passwords were accessed, and the bug has been fixed. It is reminding those people to use two-factor authentication and unique passwords to protect their accounts.
“We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information — specifically email address and phone number— by exploiting a bug in an Instagram API,” an Instagram spokesperson said in a statement to CNN Tech.
“As always, we encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails.”
Instagram declined to say how many people had been targeted, and declined to comment on individual accounts.
Earlier this week, entertainer Selena Gomez’s Instagram account got hacked. Old photos of ex-boyfriend Justin Bieber were posted on her account.
Phone numbers and emails are important personal identifiers, and potential hackers can find out a lot of information about people by investigating them.
“With an email address and a telephone number, it’s not difficult to cross reference information online to find out more about a target, even a celebrity,” said privacy expert Jessy Irwin.
Someone could send the user phishing emails or texts to steal credentials and login to their accounts. It could also be possible for a hacker to steal someone’s phone by hijacking their SIM card and gain access to other private accounts linked to the phone number.
“Because most accounts rely on phone numbers as a backup to get into an account or to grant access with a second factor, it would not be difficult for a criminal to break into an email account or to access phone backups, which are full of important information,” Irwin said.
Whether you’re a celebrity or average user, it’s always important to practice good security hygiene. Use hard to guess passwords, unique passwords on every account, two-factor authentication, and password managers to help keep track of your logins.