

Millions Of Instagram Users May Have Had Their Info Stolen

Instagram says it fixed the bug that caused the security breach, but the stolen data is still online.
Posted at 1:05 PM, Sep 02, 2017

Instagram fell victim to a major data breach, and it's unclear how many people have been affected.

The company announced Friday it had fixed the bug that caused the security breach, but not before hackers gained access to many users' email addresses and phone numbers. Instagram says passwords were not compromised. 

A person claiming to be the hacker told Ars Technica that, at one point, they were able to steal data at roughly 1 million accounts per hour. They said that by the time the bug was fixed, they'd stolen the information of at least 6 million users.

Instagram doesn't know which accounts have been compromised, but the number includes celebrities like Selena Gomez, Ariana Grande and Cristiano Ronaldo, the three most followed people on the site.

Some think the bug was responsible for the hacking of Gomez's account on Monday.

The information for at least 10,000 other accounts is being sold for $10 per account through a database called Doxagram. The database was created following the breach, and the site operator said Friday morning Doxagram had already made $500.

As of Saturday morning, following domain suspensions, at least two versions of the website were still up: one on the "dark web" and the other on the normal internet. Access to the database requires registering an account, which we don't recommend.

Doxagram is run by cybercriminals, and it's unlikely the site's operators will care much about your security. And beyond that, stealing private information could be punishable by law. 

Instagram is currently working with law enforcement, and it encourages users to "be vigilant" about possible suspicious calls, texts or emails. If you're worried about your personal security after the breach, it's always a good idea to consider beefing up your online security with two-factor authentication.