Instagram breach deepens with dark web ‘Doxagram’ domain

Hackers call platform’s efforts to fight back “odd”

David Bisson

Attackers have set up a dark web domain for their “Doxagram” site that offers for sale the email addresses and phone numbers of high-profile Instagram users.

On 5 September, The Daily Beast reporter Joseph Cox tweeted out more than two dozen domains recently purchased by Facebook in an effort to protect Instagram users’ accounts against unauthorized access.

As of this writing, Instagram and Facebook together have registered at least 280 domains for “Doxagram,” a service which hackers are using to spread the email addresses and phone numbers of potentially millions of Instagram users.

On the one hand, Doxagram appears to be linked to an incident where hackers exploited a glitch in Instagram’s API to expose the email addresses and phone numbers of only high-profile members like Selena Gomez.

On the other hand, Doxagram also contains regular users’ account data, with the hackers saying they have information pertaining to more than 6 million members, reports The Daily Beast.

Doxagram, which allows anyone to harvest account information for just US $10 a record, originally appeared as a .com domain before getting the boot from its web-hosting company. The service then appeared as a .ws domain before once again going offline. Those responsible for Doxagram suspect Facebook was responsible for these takedowns.

But they’re not worried about Instagram’s efforts. In fact, they think they’re “odd.”

Cox might know why they feel this way:

“Despite Instagram’s apparent efforts, grabbing as many related domains as possible may do little to stop the flow of this data. Not only do over 1,500 different types of domains exist, the people behind Doxagram have also launched a dark web version of their website.”

A clever move on their part. A dark web site allows the hackers to reach an audience who would truly be interested in purchasing and monetizing users’ stolen Instagram credentials. Also, the hackers don’t need a company like GoDaddy to manage a dark web location; they can do it themselves. This makes it extremely difficult to take down a dark web site unless you have the involvement of federal law enforcement.

Those responsible for Doxagram said their service has made US $4,100 across its public and dark web versions so far.

Given this active “business,” it’s important that Instagram users watch out for phishing emails, calls, or texts that attempt to steal their account credentials. They would also be wise to set up a PIN with their mobile carrier lest someone attempt to steal their phone number and port it to a device under their control.

To learn more about this story, listen to this episode of the “Smashing Security” podcast:

Smashing Security #041: 'Hacking Instagram, facial failures, and spying bosses'


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

One comment on “Instagram breach deepens with dark web ‘Doxagram’ domain”

  1. Mike

    Why do you have a picture of a muppet on a phone for the main image?
