Instagram API breach may have allowed more stolen accounts than once thought.
Instagram API breach may have allowed more stolen accounts than once thought.

The person who is claiming to have exploited the recent Instagram API breach to scrape the personal data of 6 million users is reportedly selling the data in a searchable website for $10 per query. 

The individual contacted ARS Technica and provided the publication with a sample database of 10,000 credentials suggesting the Instagram breach may have targeted more than just celebrities and those with verified accounts.

The site operator told the publication that so far the site has had 12 deposits totaling around $500. While Instagram hasn't confirmed the authenticity of the database the social media company said it is aware of the claims and is looking into it. However, independent researcher Troy Hunt, of the Have I been Pwnd breach notification service, all but concludes the information is legitimate. 

ARS said 9,911 of the 10,000 records in the sample included either a phone number or e-mail; 5,341 included a phone number, and 4,341 included a phone number and e-mail. 

“My conclusion: there's nothing in here to disprove the data,” Hunt told ARS. “It's *possible* it has been scraped together from other sources, but every indication is that it's legitimate."