Millions of Instagram accounts were hacked through a bug in the API. Initially, it was said by Instagram August 30 that it is only the celebrity accounts which were hacked. But, later it was confirmed that normal accounts were also hacked and got accessed to the email and phone number. Though the hacker could not fetch the passwords of the accounts.
Instagram issued a statement to address the fact that the hack was more serious than what was assessed in the beginning.
We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information—specifically email address and phone number—by exploiting a bug in an Instagram API. No account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation. Our main concern is for the safety and security of our community. At this point we believe this effort was targeted at high-profile users so, out of an abundance of caution, we are notifying our verified account holders of this issue. As always, we encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails.
According to a report, the people responsible for the hack have created a searchable database namely Doxagram, allowing people to find contact details of any of the affected users for USD 10 (paid in BitCoins).
Instagram cautioned everyone that the hack was turned to be serious, though it was thought initially as a little problem.