Cybercriminals selling access to a hacked Instagram database containing the contact information of the app’s biggest users claim to have already made more than $4,000 in spite of efforts to keep them offline.
The phone numbers and email addresses associated with Instagram’s high-profile account holders were recently compromised as the result of a software bug, and cybercriminals launched a website last week letting customers query the database for $10 per search.
The site, Doxagram, has been booted off at least two different web addresses since launching last Thursday, and Instagram and its parent company, Facebook, have registered hundreds of different domain names involving “Doxagram” ranging from doxagram.lol to doxagram.org in a effort to to keep the service from reemerging elsewhere with the same name, The Daily Beast reported Tuesday.
Despite the tech titans’ effort, a Doxagram administrator said the service generated over $4,100 in its first days days of operation.
“I’m pretty satisfied, especially considering most of it was over the weekend,” the person told The Daily Beast for Tuesday’s report.
Doxagram was still online Tuesday afternoon on the dark web, an unindexed and difficult-to-regulate portion of the internet typically accessed using specialized browsing software.
Neither Instagram nor Facebook responded to questions involving Doxagram, but an Instagram spokesperson acknowledged the service in a previous statement, The Daily Beast reported.
“We now also know that some individuals are attempting to sell the contact information that was obtained. We take people’s security very seriously and are working closely with law enforcement on this matter.”
Instagram warned its high-profile users Wednesday that the contact information of certain account holders had been compromised as the result of a bug affecting its API, or application programming interface. No passwords were leaked as a result of the bug, Instagram said, but cybercriminals could potentially exploit the exposed contact information nonetheless.
“We encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails,” Instagram said.
Instagram boasts about 700 million registered users, including 375 million daily users. Doxagram’s stolen database includes the contact information for about 6 million Instagram users, according to its administrator, including accounts associated with President Trump and soccer star Cristiano Ronaldo, among others, The Daily Beast reported.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.