A recently uncovered vulnerability in Instagram’s contact importer could have allowed threat actors to access private user data including full names, phone numbers and Instagram account numbers and handles. Facebook, which owns Instagram, has confirmed the flaw and resolved the issue.
Exploitation of the vulnerability involved brute-forcing Instagram’s login form. While the attack would be relatively complicated to carry out, it could have allowed attackers to write a script that would build a massive database containing the exposed data.
Read more: Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers