Fans aren’t the only ones who love celebrities on Instagram; so do hackers, as it turns out. A bug in the photo-sharing network’s programming allowed hackers to glean phone numbers and other contact information from some of the network’s high-profile verified users.
That’s bad enough, but now Instagram has clarified that everyday users might be at risk, too. While there’s no way to tell whether your account has been compromised, it couldn’t hurt to take a few simple steps to secure it.
The Verge reported on the problem, which has gone through a few tumultuous twists and turns since it hit singer Selena Gomez, its first victim. Briefly, hackers took advantage of a flaw in Instagram’s application programming interface (API), and were able to match usernames to phone numbers in verified accounts. Passwords weren’t at risk, but a sophisticated phisher could take care of the rest by him- or herself. The hackers put the information up for sale on a platform called Doxagram, which has since been taken down.
While Instagram hasn’t revealed the specifics of the hack, or outlined any special steps for everyday users, there are still a few simple things to secure your account. Again: You may not actually have to. Instagram has used a lot of hazy language regarding non-verified accounts, and there’s no guarantee that they’ve been compromised – or that it would even be possible to access the information anymore, now that Doxagram is down.
Still, a few simple security fixes never hurt anyone. Since your password was likely not compromised, you don’t have to change it, but doing so might not be a bad idea, anyway. Furthermore, activating two-factor authentication will prevent anyone from logging into your Instagram unless they have access to your phone. (If they do, you have bigger problems.) You can also change your username, if you want to go above and beyond to ensure that your information is safe.
Overall, the Instagram hack, while troubling, is probably nothing for the average person to worry about. Of course, it’d be helpful if Instagram could clarify its position on its compromised API, if only to set the everyday user’s mind at ease.