Three naked photos of her ex-boyfriend, Canadian popstar Justin Bieber, were posted to her 125 million followers before her profile was shut down.
But while high-profile hacks are a dime a dozen these days, what's staggering here is how easily the information was obtained: in essence, sending a password reset request from an old version of the Instagram app resulted in a response containing an account's private data (sans password, thankfully).
An Instagram bug meant hackers gained access to celebrity users' phone numbers and email addresses, the company admitted on Wednesday. "This is why it is critical for users to take responsibility of their own security".
Taylor Swift is among the A-list celebrities whose data has leaked to the darknet due to a flaw in Instagram. "It's 'possible' it has been scraped together from other sources, but every indication is that it's legitimate and the vector you wrote about earlier is absolutely feasible and certainly not unprecedented". The hackers were charging $10 per search to give access to the information from the hacked accounts.
To verify the authenticity of the sample, The Daily Beast tried to create new accounts on Instagram with a random selection of email addresses from the list. Others allegedly belong to Cristiano Ronaldo, Jennifer Lopez, Drake, and several other celebrities. (If they do, you have bigger problems.) You can also change your username, if you want to go above and beyond to ensure that your information is safe. "Not a terrible start".
Instagram patched its bug shortly after it was first discovered, but the damage was done. That doesn't say much considering there are more than 700 million members.
A spokesperson told CNN Tech they are aware individuals are trying to sell the information, and the company is working with law enforcement.
The social photo service is sending out alerts that intruders got access to the phone numbers and email addresses for a number of "high-profile" users by exploiting a bug in Instagram's programming interface. No account passwords were exposed.
A representative from the company has released a statement, saying, "After additional analysis, we have determined that this issue potentially impacted some non-verified accounts as well".