• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 22nd, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Social Network News

Stolen 6M Celebrities data from Instagram sold on Dark Web

September 3rd, 2017 Waqas Hacking News, Leaks, Security, Social Network News 0 comments
Stolen 6M Celebrities data from Instagram sold on Dark Web
Share on FacebookShare on Twitter

The data is available on a searchable website called DoxaGram.

As reported on Thursday the social media giant Instagram suffered a massive data breach in which an unknown hacker or hackers stole a trove of personal data from verified accounts (top celebrities) and ended up trading them on underground hacking forums.

The data was stolen when attackers exploited a bug in an Instagram API. Now it has been revealed that hackers have set up a website with a searchable database of 6 million Instagram account. This means one can simply search for the account they are interested in and buy its details for just $10 in Bitcoin.

The site is called DoxaGram which is offering to sell anyone the data including emails and phone numbers of high-profile celebrities. Initially, DoxaGram surfaced with a .com domain but then disappeared before moving on to the .ws domain, but at the time of publishing this article, some reports suggested that the site was forced to give up the .ws domain and to came back with a .pw domain.

According to a report, Instagram has registered Doxagram domain names in the wake of the data breach. Currently, all DoxaGram domains were offline. However, their Dark Web domain is up and running allowing users to search and buy data. Here is a screenshot showing the hacker(s) announcing the launch of DoxaGram:

Hackers selling 6M Instagram accounts on a searchable website

Here are three screenshots HackRead.com was able to grab from DoxaGram’s Dark Web domain.

DoxaGram’s dark web domain

In the first screenshot, it can be seen that a buyer can simply put the username of an Instagram account and search for it. Remember, the username, in this case, is same as the profile name of a user; for example, the username for Kim Kardashian’s account is “kimkardashian.”

Hackers selling 6M Instagram accounts on a searchable website

Once the search is completed, the site shows results. If the information is available; the site will show following results:

Hackers selling 6M Instagram accounts on a searchable website

If you are wondering since there are no passwords available why would someone buy this data? Well, for social engineering attacks emails and phone numbers are worth everything as attackers can search for these emails in previous data breaches like MySpace, DropBox, and LinkedIn. And if the targeted account is in the list and luck is on the attacker’s side, the victim might have never changed their old password and using the same password for their Instagram and other accounts.

This will allow an attacker to hack not only the Instagram account but also those linked with the email. Moreover, an attacker can conduct smishing (phone phishing) on a victim and trick them into giving away their personal, social media and banking details.

Instagram is still investigating the issue, but it must be noted that days before the news of the celebrities accounts being hacked surfaced, popular singer Selena Gomez had her account hacked in which hackers leaked nude pictures of Justin Bieber.

[fullsquaread][/fullsquaread]

This is not the first time when Instagram has suffered a high profile hack. In 2015, a security researcher hacked Instagram and got its admin panel access, but in return, Facebook threatened to sue the researcher for his findings. Although debatable, if Instagram had facilitated the researcher and accommodated him according to their bug bounty program, who knows the DoxaGram hackers might have reported the bug to the company.

If you have an Instagram account, make sure to enable Two-factor authentication (2FA), never click on a suspicious link, do not open a spam or unknown email and avoid downloading the files attached to those emails.

  • Tags
  • Cyber Attack
  • Cyber Crime
  • hacking
  • Instagram
  • internet
  • LEAKS
  • Privacy
  • security
  • Social Media
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article DailyStormer comes back with Albanian domain; gets booted off
Next article Trove of Private Military Contractor Job Applicants Exposed Online
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Shazam Vulnerability exposed location of Android, iOS users
Security

Shazam Vulnerability exposed location of Android, iOS users

49
Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet
Security

Ongoing 'FreakOut' malware attack turns Linux devices into IRC botnet

86
Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping
Security

Signal, Google Duo, FB Messenger vulnerabilities allowed eavesdropping

107

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us