6 Million Celebrities Instagram High-Profiles Data available for sale on DoxaGram

The Doxagram website claims to be selling the email addresses and phone numbers of 6 million high-profile Instagram accounts, ranging from POTUS to Taylor Swift.

The story began with the hack of Selena Gomez's Instagram account: a hacker hijacked it and published three nude photos of Justin Bieber.

A few days later, a vulnerability was reported in the Instagram application that allowed hackers to access information for high-profile users, including phone numbers and email addresses.

Hackers could use the stolen data to target victims with social engineering attacks aimed at accessing their accounts and leaking their videos and photos.

The vulnerability affects the Instagram application programming interface (API) that is used to interact with other apps.

The company confirmed it is investigating a data breach in which an unknown hacker has stolen personal details of more than 6 million Instagram accounts.

The situation appears to be more serious than initially thought: 6 million Instagram users, including sports and pop stars, politicians, and media companies, were affected.

Now their Instagram profile information, including email addresses and phone numbers, is available for sale on a website called Doxagram.

Experts believe Doxagram was created by the same Instagram hacker. The website allows anyone to search for stolen information for only $10 per account.

According to THN, a researcher at Kaspersky Lab also found the same vulnerability in Instagram's mobile API and reported it to Instagram.

The flaw has affected the Instagram code since 2016, according to Kaspersky Lab researchers, and it is likely the attackers exploited it manually.

“So far we’ve had 12 deposits totaling around $500,” the Doxagram operator told Ars early Friday morning, about six hours after the service went live. “Not a horrible start.”

The hacker initially provided a sample of 10,000 stolen records: 9,911 of them include either a phone number or e-mail, 5,341 include a phone number, and 4,341 include a phone number and e-mail.

The flaw affected the password reset option, which exposed users' mobile numbers and email addresses in the JSON response, but not passwords.
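The class of defect described above, as an added illustration that is not Instagram's code: a password reset handler that serializes the whole account record next to one that returns only masked hints, with a regression check that scans the response for full contact values. All function names, field names and the sample record are hypothetical and constructed for this example.

```python
import json
import re

# Constructed sample account record (not real data).
USER = {"id": 1001, "username": "example_user",
        "email": "jane.doe@example.com", "phone": "+15550100123"}


def mask_email(email):
    """Keep the first character of the local part and the domain."""
    local, _, domain = email.partition("@")
    return local[:1] + "*" * (len(local) - 1) + "@" + domain


def mask_phone(phone):
    """Keep only the last two digits as a hint."""
    digits = re.sub(r"\D", "", phone)
    return "*" * (len(digits) - 2) + digits[-2:]


def reset_response_leaky(user):
    """Defective pattern: the account record is serialized as-is."""
    return json.dumps({"status": "ok", "user": user})


def reset_response_hardened(user):
    """Allow-list the output: masked hints only, never the stored values."""
    hints = {"email": mask_email(user["email"]),
             "phone": mask_phone(user["phone"])}
    return json.dumps({"status": "ok", "hints": hints})


def leaked_fields(response_text, user):
    """Regression check: which full contact values appear in the response?"""
    return sorted(f for f in ("email", "phone") if user[f] in response_text)


if __name__ == "__main__":
    for build in (reset_response_leaky, reset_response_hardened):
        print(build.__name__, leaked_fields(build(USER), USER))
```

A check like `leaked_fields` can run in API tests against every unauthenticated endpoint, so a serializer change that starts returning stored contact data fails the build.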

To secure Instagram accounts, users are strongly advised to enable two-factor authentication and to always protect their accounts with a robust and different password.

Be vigilant about possible phishing attacks: avoid clicking on suspicious links and attachments you receive in an email, and never provide your data to unverified interlocutors.

Pierluigi Paganini

(Security Affairs – Doxagram, Instagram)
