Earlier this week, hackers gained control of Selena Gomez‘s Instagram account, and began posting nude photos of her ex-boyfriend Justin Bieber, before it was shut down and returned to the singer.
Two days later, the company announced that it had been the target of a more widespread hack, with a bug in an Instagram API exposing the contact details of certain other users to hackers.
They claimed at the time that the hack had only affected “high-profile” individuals such as Gomez, who hold verified accounts on the platform, but it now appears that the extent of the breach was a lot wider.
Per reports in Mashable, the company has since copped to the fact that vastly more accounts may have been affected, a number likely to be in the millions. A representative said in a statement:
“After additional analysis, we have determined that this issue potentially impacted some non-verified accounts as well. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.”
Instagram has up to 700 million active accounts, so a “low percentage” of these is still a very bloody large number, and management at the site has urged everyone to be cautious.
In a post to the company’s official blog overnight, co-founder and Chief Technology officer Mike Krieger told average Joe Schmo users about the situation.
He warned that some people’s email addresses and phone numbers could have been revealed, even if these details were not public, but said that no passwords or “other” user activities were hacked.
Krieger said that the company is “working with law enforcement” on the matter, but told users to be wary of suspicious activity, saying:
Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails. Additionally, we’re encouraging you to report any unusual activity through our reporting tools. You can access those tools by tapping the “…” menu from your profile, selecting “Report a Problem” and then “Spam or Abuse.”