According to Ars Technica, data from thousands of Instagram users is being sold by a hacker. This person contacted the vehicle to inform that he had stolen the data of more than six million users of the social network and that he was marketing it on the web.
The content would have been obtained through a security hole that has already been fixed in the application's database. Kaspersky Lab on Thursday said that the breach had been found on Instagram and that it allowed an attacker to obtain personal data such as users' email addresses and phone numbers.
The breach, however, appeared to be limited, however, a list of 10 social network user credentials sent to Ars Technica this week revealed that the problem could be bigger. The individual who contacted the site claims to have put the data of more than 6 million users up for sale for as little as $10.
The list in question was sent to Instagram so that the app could verify its veracity. Doing a check with security researcher Troy Hunt from Have I Been Pwnd found that there is consistency in the data.
The person selling the list says he has already received 12 deposits. "Not a bad start," he said. According to him, the breach was discovered in an IRC conversation, and others have also exploited it.
"Assuming the 6 million number is true, and the 10 list is representative, millions of email addresses and phone numbers are now for sale, and even more data could be in the hands of other hackers.
Until the company responds, Instagram users should get used to the possibility that their phone number and email address associated with their account are now public," Ars Technica said.