Social-media app Instagram said a hack it disclosed earlier this week affected a larger number of users than it previously detected.

Instagram, owned by Facebook Inc., earlier this week said hackers stole email addresses and phone numbers—but not passwords—tied to some celebrity accounts.

On Friday, the photo- and video-sharing app said the theft affected regular users as well and wasn’t just “targeted at high-profile users.” Instagram reiterated that no passwords were stolen.

The contact information was stolen after hackers exploited a bug in Instagram’s software that the company says has since been patched up.

Instagram, which has 700 million monthly users, said it doesn’t know which specific accounts were affected and said a “low percentage” of its users were affected, without providing more specific figures.

Stolen email addresses and phone numbers aren’t as sensitive as passwords, because it typically takes a lot of work to gain control of a user’s phone number or email account without the help of a stolen password, cybersecurity experts say. Gaining access to somebody’s password could be more harmful.

The stolen data are being sold online, according to Instagram. Some information was up for sale for $10 through a database called Doxagram, which claimed to have some contact information for high-profile accounts including that of Facebook Chief Executive Mark Zuckerberg  and pop star Rihanna.

“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails,” Instagram co-founder Mike Krieger said in a blog post.

Earlier this week, hackers reportedly pried into the account of singer Selena Gomez and posted nude photos of her ex-boyfriend, the pop star Justin Bieber.  An Instagram spokesman declined to say if Ms. Gomez was among those affected by the breach. source

Leave a Reply