Instagram says it has fixed the API responsible for enabling hackers to access some personal details of high-profile users of the service
Facebook-owned photo-sharing service Instagram has fixed a flaw in its application programming interface (API) exploited by hackers to access user details.
The company said in a statement that “a number of” celebrities’ phone number and email addresses had been accessed by “one or more” hackers exploiting a flaw in its API.
All those account holders affected by the security breach have been notified by email, the company said. However, Instagram declined to say how many people had been affected, and declined to comment on individual accounts, according to CNN.
Instagram said no passwords had been stolen, but urged users to look out for any suspicious activity on their accounts and be “extra vigilant” about unexpected phone calls, texts and emails as they could be from scammers using the stolen data.
Instagram claims to have more than 500 million users, with around 300 million using the service at least once a day.
“APIs impact business and the world around us more than most people realise. The fact that API security is flying under the radar and not being adequately addressed should be a red flag prompting organisations to examine their own practices,” said Rami Essaid, CEO and co-founder of Distil Networks.
“CIOs and CISOs need to get a handle on how responsibility is addressed in their organisations and decide whether the process is sufficiently robust,” he said.