Instagram’s battle against hackers attempting to sell personal information attached to some high-profile accounts has turned to registering domain names.
Instagram acknowledged Sept. 1 a security flaw that could be used to access users’ email addresses and phone numbers that were not publicly available. Then Doxagram popped up, a website with a searchable database of alleged personal information from Instagram, The Daily Beast reported. The hackers behind it claimed to have 6 million accounts, including those with millions of followers like soccer star Cristiano Ronaldo, the president of the United States’ official account and other celebrities. They charge $10 per search.
The website went offline Friday, according to The Verge, but Instagram is trying to stop the spread of data.
Instagram and its parent company, Facebook, are registering hundreds of doxagram-related domains—such as .org, .lol and .website—in an attempt to limit the hackers' options, The Daily Beast reported Sept. 5. The Doxagram operators keep sharing new domains on Twitter but also opted to launch a dark web version of their site, which doesn’t require a domain name company.
“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails,” Instagram Co-founder and Chief Technology Officer Mike Krieger wrote in a blog post.