The social media firm said on Wednesday that at least one person used the since closed down flaw to gain “unlawful access” to email addresses and phone numbers in a targeted attack on famous users Pop singer Selena Gomez, 25, was hacked and had nude photos of her ex-partner Justin Bieber posted to her account earlier this week.
It is unlikely that the bug alone was the cause of the breach to Gomez’s account, as it did not expose passwords, but it may have aided attempts by hackers. Her account was temporarily pulled down after the breach and has since been restored minus the photos of Bieber, 23. Instagram said the bug in its application programming interface (API), which programmers use to create software, was quickly closed but has been warning people with verified accounts.
A spokeswoman said: “We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users’ contact information – specifically email address and phone number — by exploiting a bug in an Instagram API. “No account passwords were exposed. We fixed the bug swiftly and are running a thorough investigation. “At this point we believe this effort was targeted at high-profile users so, out of an abundance of caution, we are notifying our verified account holders of this issue.” The Facebook-owned firm is warning users to be wary of unrecognised phone calls, texts and emails.