Instagram users: Hackers may have your email and phone number

Fear not, Hackers do not have access to your Instagram account, nor do they know your password.  However, Instagram today have issued a security warning to advise of a recent bug on their site that has caused a breach of data.

In a blog post today, Instagram Co-Founder Mike Krieger tells users “we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.”

What this means is just that, there was a bug, which some hackers exploited and clearly started manipulating the Instagram system to retrieve phone numbers and email addresses.  It’s a guess, but my assumption is this has something to do with the password recovery or username recovery process which often shows all or part of a phone number during the process.

Instagram “quickly fixed the bug” and are working with law enforcement on the issue.

They say it’s a low percentage of accounts, but with 700,000,000 users it doesn’t take much of a percentage to affect a bloody lot of people.

Why should you care?

Because scammers are sometimes smart.

They have your email, they have your phone number, they can (and will) start sending emails pretending to be from Instagram.  Don’t trust ANY email from Instagram.

The email might say “someone has attempted to access your account, click here to change your password”, or “to boost your security click here to enable new security features” – things that scare you, make you click, and in doing so actually handing over your password.

What should you do?

Easy.  Two things:

1. Change your password.  About time anyway right?  You’ve had the same one for years.  Change it, and change it now – just because it’s good smart sense.
2. Enable two-factor authentication – this means anyone trying to log into your account will need your mobile phone to be able to get in.

Stay safe online folks, be careful of spam emails, and never click suspicious links.  If Instagram needs you to do something, do it within their app.