Instagram has been letting users know that it is the victim of a security breach, which has exposed the contact information of some high-profile users. This news comes just days after celebrity Selena Gomez had her account compromised. But it’s unclear if the two events are actually related. Instagram says the breach has revealed the email addresses and phone numbers associated with each account, but passwords have not been exposed. Instagram attributes the hack to someone exploiting a bug in an API. Instagram is encouraging users to “be vigilant” about the security of their account, and to use caution if they receive any unrecognized texts, calls or emails.
I honestly wish you could see my face as I wrote that last sentence. Be vigilant and use caution if you receive any unrecognized calls? I mean, isn’t that something you should do in general? But on the other hand, I often receive unrecognized calls from different agencies that have my phone number. Maybe it’s the bank? Or a credit card company calling to say that my card has been compromised. I don’t necessarily have their numbers in my phone, so I’m curious to know how this warning will help anyone.
Instagram hasn’t said which accounts were part of the breach, but it says that the API glitch made it possible for the hacker to obtain code that contained the email and phone information of the targeted users, which it believes were high-profile accounts only. High-profile, meaning celebrities. Instagram has said that it’s alerted the affected accounts and continues to direct all users to its security tips webpage, where it encourages two-factor authentication and other security measures. But I wonder if that would actually help?
After all, it was a breach that is exposing contact information, so the hack went through Instagram. Not the individual accounts. And maybe that’s what the hacker wanted: instead of targeting individual accounts and getting passwords etc., maybe they want the contact information for celebrities? Maybe they want to sell that information, or use it in some way for their benefit. Either way, I think Instagram needs to take a bit more responsibility for this. Don’t just direct people to your security tips webpage, tell your users how you will fix this.
The security tips webpage, by the way, gives you the typical information about how to stay safe online. And all Instagram can say is “sorry”? This breach contained almost twice as many records as those contained in the River City Media breach from March, which was previously the largest breach by a spammer. It’s estimated that there were about 700 million email addresses, and a number of passwords were leaked. 700 million! I honestly can’t get past the fact that all Instagram can tell their users is to stay safe online.
This is like your friend telling you a secret. And then you telling that secret to someone else. And then that secret getting out. When your friend confronts you, you say “well, you need to be more vigilant with your information. Perhaps you should consider who you share that information with”. Maybe I’m wrong on this, or maybe I’m just being too hard on Instagram, but I don’t feel like they’re taking any responsibility for this breach. Sure, not a lot of passwords were leaked, but contact information is something that you don’t necessarily want to get out. Maybe Instagram should have told users to set up a “social media only” type email address, so it doesn’t matter if it gets leaked.