recommended reading

Threatwatch

Hackers Want to Sell Personal Info of Cristiano Ronaldo, POTUS and Other Instagrammers

Data dump; Stolen credentials

Instagram’s battle against hackers attempting to sell personal information attached to some high-profile accounts has turned to registering domain names.

Instagram acknowledged Sept. 1 a security flaw that could be used to access users’ email addresses and phone numbers that were not publicly available. Then Doxagram popped up, a website with a searchable database of alleged personal information from Instagram, The Daily Beast reported. The hackers behind it claimed to have 6 million accounts, including those with millions of followers like soccer star Cristiano Ronaldo, the president of the United States’ official account and other celebrities. They charge $10 per search.

The website went offline Friday, according to The Verge, but Instagram is trying to stop the spread of data.

Instagram and its parent company, Facebook, are registering hundreds of doxagram-related domains—such as .org, .lol and .website—in an attempt to limit the hackers' options, The Daily Beast reported Sept. 5. The Doxagram operators keep sharing new domains on Twitter but also opted to launch a dark web version of their site, which doesn’t require a domain name company.

“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails,” Instagram Co-founder and Chief Technology Officer Mike Krieger wrote in a blog post.

sector

Social Media

reported

August 31, 2017

reported by

The Daily Beast

number affected

6 million

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

Unknown