Instagram — Data Breach
Executive Summary
A bug in Instagram's developer API exposed the phone numbers and email addresses of approximately 6 million high-profile accounts, including celebrities and politicians. An attacker exploited the flaw to build 'Doxagram,' a dark web database that sold celebrity contact information for $10 per search. Instagram confirmed the vulnerability and patched the endpoint.
What Happened
In September 2017, a bug in Instagram's developer API exposed the phone numbers and email addresses of approximately 6 million high-profile accounts. An attacker exploited this vulnerability to create a database called 'Doxagram' that was sold on the dark web, allowing purchasers to search for celebrity contact information for $10 per search. Instagram confirmed the security flaw and subsequently patched the affected API endpoint.
Who Is Affected
Approximately 6 million high-profile Instagram accounts were affected, including celebrities and politicians whose personal contact information was exposed. These users had their phone numbers and email addresses accessed without authorization and made available for purchase through the Doxagram database.
Why It Matters
This breach demonstrates how vulnerabilities in social media APIs can be exploited to harvest sensitive personal information at scale and monetize it through illicit channels. The incident highlights particular privacy risks faced by high-profile individuals whose contact information has significant commercial value to stalkers, harassers, or unauthorized marketers.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.