Instagram Fixes API Blamed for Celebrity Data Leaks

August 31, 2017

Instagram says it has fixed the API responsible for enabling hackers to access some personal details of high-profile users of the service

Facebook-owned photo-sharing service Instagram has fixed a flaw in its application programming interface (API) exploited by hackers to access user details.

The company said in a statement that “a number of” celebrities’ phone number and email addresses had been accessed by “one or more” hackers exploiting a flaw in its API.

All those account holders affected by the security breach have been notified by email, the company said. However, Instagram declined to say how many people had been affected, and declined to comment on individual accounts, according to CNN.

Instagram said no passwords had been stolen, but urged users to look out for any suspicious activity on their accounts and be “extra vigilant” about unexpected phone calls, texts and emails as they could be from scammers using the stolen data.

Instagram claims to have more than 500 million users, with around 300 million using the service at least once a day.

According to security firm Distil Networks21% of APIs still go live without any input from security professionals, often providing opportunities for cyber attackers.

“APIs impact business and the world around us more than most people realise. The fact that API security is flying under the radar and not being adequately addressed should be a red flag prompting organisations to examine their own practices,” said Rami Essaid, CEO and co-founder of Distil Networks.

“CIOs and CISOs need to get a handle on how responsibility is addressed in their organisations and decide whether the process is sufficiently robust,” he said.

Read the Article

Previous Article
PSD2's API Wave Will Pump Up the Security Risk
PSD2's API Wave Will Pump Up the Security Risk

Banks are digitizing at a rapid pace to catch up with upstart fintech providers run the risk of introducing...

Next Article
How Criminals Steal Gift Card Funds from Retailer Websites
How Criminals Steal Gift Card Funds from Retailer Websites

The GiftGhostBot, tests potential account numbers, requesting each balance. When its successful, hackers ca...