Enlarge (credit: Vectorink)
At first glance, the Instagram security bug that was exploited to obtain celebrities’ phone numbers and e-mail addresses appeared to be limited, possibly to a small number of celebrity accounts. Now a database of 10,000 credentials published online Thursday night suggests the breach is much bigger.
The database was provided by someone who e-mailed in response to Thursday’s story, mentioned above, about the Instagram breach.

The sender said he was able to scrape personal data belonging to 6 million users and was selling the data in a searchable website for $10 per query.

The person provided a sample of 10,000 of those records.
While Instagram has yet to confirm the authenticity of the sample, an analysis by Ars and security researcher Troy Hunt, maintainer of the Have I been Pwnd breach notification service, all but concludes it’s legitimate.

To protect potentially affected end users, Ars isn’t publishing the sites hosting the sale of the purported 6 million records or the sample, which was freely available when this post was going live.
Read 6 remaining paragraphs

Leave a Reply