Instagram warning after hackers ‘access personal information using only username’

Cybersecurity researchers have uncovered a new vulnerability on Instagram, allowing attackers to retrieve personal information solely through a username. This discovery follows a series of alarming incidents where users’ data was exposed via different methods, raising concerns about the platform’s security measures. The latest flaw, highlighted by experts, reveals that even without a password, malicious actors can access sensitive details such as email addresses and phone numbers, potentially compromising user privacy on a large scale.

New Security Flaw Discovered

Following the recent discovery of a security flaw that enabled hackers to manipulate Meta’s AI chatbot into changing user passwords, cybersecurity analysts have now identified another privacy leak. According to the International Cyber Digest newsletter, Instagram’s account recovery feature can be exploited to gain authenticated access to personal information, including email addresses and phone numbers, simply by providing a username. This method bypasses traditional login barriers, leaving accounts vulnerable to unauthorized access.

Testing their theory, the tech security team applied the technique to several high-profile accounts, including those of celebrities. They successfully retrieved details associated with Real Madrid footballer Kylian Mbappé, revealing he maintains a personal TikTok account in addition to his Instagram presence. The same process was used to access information linked to Cristiano Ronaldo’s wife, Georgina Rodríguez, further demonstrating the extent of the vulnerability.

“Yet another Meta f***-up: its account recovery function allows unauthenticated access to full account PII, including emails and phone numbers, from just a username. We verified the claim and found social media and wine-app accounts belonging to several public figures,” the newsletter stated on X. This claim underscores the severity of the issue, as it suggests that even unverified accounts can be exposed, giving hackers a direct line to users’ personal data. The breach highlights a growing pattern of security oversights within Meta’s ecosystem, which has already faced scrutiny over its AI chatbot’s ability to alter passwords without user consent.

Testing the Vulnerability

Instagram’s account recovery process is designed to help users regain access to their accounts if they forget their password. However, the International Cyber Digest team discovered that this feature could be manipulated to extract sensitive information. By leveraging the recovery function, attackers can obtain the email and phone number linked to a username, effectively granting them access to key account identifiers.

The team’s findings were corroborated by real-world examples. Celebrities and public figures were among the first to have their data accessed, showcasing the flaw’s potential for widespread impact. For instance, Kylian Mbappé’s account revealed not only his professional contacts but also his personal social media presence, illustrating how a single username can lead to multiple points of exposure. Similarly, Georgina Rodríguez’s information confirmed the breach’s applicability to high-profile users.

Broader Implications for User Privacy

Experts estimate that approximately 100 high-value accounts were compromised through this method, with some of the stolen data now circulating on black-market platforms. The breach included accounts like Barack Obama’s now-unused White House Instagram profile, which boasts over 2.4 million followers, and former Meta security engineer Jane Manchun Wong. These cases emphasize the vulnerability of even well-known figures to cyberattacks when security protocols are not rigorously enforced.

Users who experienced the breach reported being logged out of their accounts repeatedly and noticing unusual password reset attempts. One affected individual described the situation as “quite concerning,” noting that their credentials were altered without their knowledge. This incident has sparked calls for improved safeguards, as the ease of exploitation suggests that Instagram’s security framework may need urgent revisions.

Previous Security Incidents and Ongoing Concerns

Earlier this week, Metro revealed that hackers had exploited Meta’s AI chatbot to change user passwords, compounding the risks posed by the platform’s recent vulnerabilities. The combination of these issues—password theft via AI and data exposure through account recovery—has raised alarms about the overall safety of Instagram for personal and professional use. Cybersecurity analysts warn that the cumulative effect of these flaws could lead to more severe breaches in the future, particularly if users fail to monitor their accounts closely.

Experts stress that the username-based attack is particularly insidious because it requires minimal effort and no prior knowledge of a user’s password. This means that even dormant accounts or those with infrequent activity could be targeted, exposing users to a range of threats. The potential for data misuse, such as phishing campaigns or identity theft, has been a growing concern in the digital security community.

Steps to Mitigate Risk

In response to the recent vulnerabilities, users are advised to take proactive steps to protect their accounts. These include enabling two-factor authentication, regularly updating passwords, and monitoring account activity for suspicious behavior. Additionally, the incident has prompted discussions about the need for stricter verification processes during account recovery, ensuring that only legitimate users can access sensitive information.
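The stricter recovery handling mentioned above, as an added example that is not from the article or from Instagram's code (the article does not describe the real implementation). The account store, function names and sample data are constructed; the assumption is that the flaw class is a recovery response that returns stored contact details to an unauthenticated caller.

```python
import hashlib
import secrets

# Constructed sample record: the username, address and number are made up.
ACCOUNTS = {"example_user": {"email": "owner@example.com", "phone": "+15550100"}}
PENDING_RESETS = {}  # username -> SHA-256 of the reset token (never the token)

GENERIC_REPLY = {
    "status": "ok",
    "message": "If the account exists, recovery instructions were sent.",
}


def leaky_recovery(username):
    """Anti-pattern: an unauthenticated lookup is answered with contact data."""
    account = ACCOUNTS.get(username)
    if account is None:
        return {"status": "error", "message": "no such user"}
    return {"status": "ok", "email": account["email"], "phone": account["phone"]}


def hardened_recovery(username, outbox):
    """Same reply for every username; the token only travels out of band.

    `outbox` stands in for a mail/SMS queue (hypothetical). A real service
    would also rate-limit this endpoint and keep response timing uniform.
    """
    account = ACCOUNTS.get(username)
    if account is not None:
        token = secrets.token_urlsafe(32)
        PENDING_RESETS[username] = hashlib.sha256(token.encode()).hexdigest()
        outbox.append((account["email"], token))
    return dict(GENERIC_REPLY)


def leaked_fields(response, username):
    """Regression check: which stored contact fields appear in a response?"""
    account = ACCOUNTS.get(username, {})
    body = " ".join(str(value) for value in response.values())
    return sorted(field for field, value in account.items() if value in body)
```

A check like `leaked_fields` can run in a test suite against every unauthenticated recovery response, so a regression that reintroduces contact data fails the build.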

The International Cyber Digest team’s report serves as a reminder of the ever-evolving nature of cybersecurity threats. While Instagram has taken steps to address the issue, the fact that such a critical flaw exists indicates that more comprehensive measures may be required to secure user data. As the platform continues to grow, the responsibility to safeguard personal information becomes increasingly vital.
