Application security, Breach, Threat Management, Data Security

Site spotted selling stolen Instagram phone and email details for $10

The person who is claiming to have exploited the recent Instagram API breach to scrape the personal data of 6 million users is reportedly selling the data in a searchable website for $10 per query. 

The individual contacted ARS Technica and provided the publication with a sample database of 10,000 credentials suggesting the Instagram breach may have targeted more than just celebrities and those with verified accounts.

The site operator told the publication that so far the site has had 12 deposits totaling around $500. While Instagram hasn't confirmed the authenticity of the database the social media company said it is aware of the claims and is looking into it. However, independent researcher Troy Hunt, of the Have I been Pwnd breach notification service, all but concludes the information is legitimate. 

ARS said 9,911 of the 10,000 records in the sample included either a phone number or e-mail; 5,341 included a phone number, and 4,341 included a phone number and e-mail. 

“My conclusion: there's nothing in here to disprove the data,” Hunt told ARS. “It's *possible* it has been scraped together from other sources, but every indication is that it's legitimate."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.