CrosswordNewsletters
DAILY BEAST
ALL
  • Cheat Sheet
  • Obsessed
  • Politics
  • Crime
  • Entertainment
  • Media
  • Innovation
  • Opinion
  • World
  • U.S. News
  • Scouted
CHEAT SHEET
    POLITICS
    • Fever Dreams
    • Biden World
    • Elections
    • Opinion
    • National Security
    • Congress
    • Pay Dirt
    • The New Abnormal
    • Right Richter
    • Trumpland
    MEDIA
    • Confider
    • Daytime Talk
    • Late-Night
    • Fox News
    U.S. NEWS
    • Identities
    • Crime
    • Race
    • LGBT
    • Extremism
    • Coronavirus
    WORLD
    • Russia
    • Europe
    • China
    • Middle East
    INNOVATION
    • Science
    TRAVEL
      ENTERTAINMENT
      • TV
      • Movies
      • Music
      • Comedy
      • Sports
      • Sex
      • TDB's Obsessed
      • Awards Shows
      • The Last Laugh
      CULTURE
      • Power Trip
      • Fashion
      • Books
      • Royalist
      TECH
      • Disinformation
      SCOUTED
      • Clothing
      • Technology
      • Beauty
      • Home
      • Pets
      • Kitchen
      • Fitness
      • I'm Looking For
      BEST PICKS
      • Best VPNs
      • Best Gaming PCs
      • Best Air Fryers
      COUPONS
      • Vistaprint Coupons
      • Ulta Coupons
      • Office Depot Coupons
      • Adidas Promo Codes
      • Walmart Promo Codes
      • H&M Coupons
      • Spanx Promo Codes
      • StubHub Promo Codes
      Products
      NewslettersPodcastsCrosswordsSubscription
      FOLLOW US
      GOT A TIP?

      SEARCH

      HOMEPAGE
      Disinformation

      Hackers Claim Apparent Instagram Fightback Will Not Stop Them From Selling Stolen ‘Doxagram’ Data

      TOO LATE

      Instagram is making an apparent effort to seize the initiative after a massive data hack, but the hackers say their plan to kick them offline will never succeed.

      Joseph Cox

      Updated Sep. 13, 2017 11:35AM ET / Published Sep. 11, 2017 12:00AM ET 

      Photo Illustration by Elizabeth Brockway/The Daily Beast

      On Thursday, hackers launched a searchable database of email addresses and phone numbers for a slew of high-profile Instagram accounts, as The Daily Beast first reported. Soccer star Cristiano Ronaldo, the official POTUS Instagram, and several pop stars are all among the affected users, and the hackers’ site, dubbed “Doxagram,” also hosts details on more ordinary Instagram accounts. In all, the hackers claim to have information on over 6 million users.

      It looks like Instagram is fighting back.

      Along with its parent company Facebook, Instagram has seemingly registered hundreds of different Doxagram domains, according to online records. The tactic is likely an attempt to force the hackers’ website offline, or at least make spreading the exposed data more difficult, with Instagram essentially wrestling control over any relevant domains before the hackers can. This way, when one domain company cuts off service to the hackers, they’ll have fewer options for making websites with the Doxagram brand—without a domain that explicitly includes “Doxagram,” such as doxagram.org, those hoping to dig through celebrities’ Instagram data may have a harder time finding the site.

      At the end of August, Instagram announced it had fixed a vulnerability which allowed attackers to obtain the email address and phone number of users—data that was typically private. But for many users, the fix came too late; hackers had already used it to harvest details on allegedly millions of accounts, and subsequently listed it on Doxagram for $10 a record.

      Originally, the hackers behind Doxagram used a .com domain, but the company controlling it booted the hackers, one of the people behind Doxagram told The Daily Beast on Monday. The site moved to a .ws domain, before being kicked off that one as well.

      “Apparently Facebook complained about us selling ‘stolen’ information,” the person said. (The person proved they were affiliated with the hackers by adding a page to the Doxagram site printing their online chat account; they did not provide a name.)

      Meanwhile, Instagram has seemingly purchased at least 280 domains, including doxagram.lol, .website, and .org, according to records maintained by online service Passive Total. The domains list a Facebook email address as the point of contact, and “Instagram LLC” as the domain administrator.

      The domain registrar itself is Mark Monitor, a company that specializes in protecting brands and intellectual property online and which offers a “Domain Management” service, according to the firm’s website. Mark Monitor did not respond to a request for comment.

      Despite Instagram’s apparent efforts, grabbing as many related domains as possible may do little to stop the flow of this data. Not only do over 1,500 different types of domains exist, the people behind Doxagram have also launched a dark web version of their website.

      A dark web site, or more specifically a hidden service, is a site that uses a network and piece of software called Tor. These websites can hide the location of their servers, making it more difficult for law enforcement or victims to know where to send any take-down requests or complaints. Drug dealers and child abusers regularly use dark web sites to distribute their material; others use Tor for legal purposes. (The normal version of the Doxagram site is protected by services from internet security firm Cloudflare, which also obscures the location of the site’s servers.)

      On top of hiding their infrastructure, the dark web does not require a company such as Google or GoDaddy to provide a domain for the owner of a website. Instead, admins can create and manage their own.

      The episode echoes recent events around white supremacist website The Daily Stormer. After various domain registrars booted the site, The Daily Stormer’s administrators created one on the dark web.

      “It’s a bit odd,” the person behind Doxagram said referring to Instagram’s reaction. The person didn’t think Instagram’s approach would have an effect on Doxagram’s operations.

      At the time of writing, a normal web version of Doxagram as well as its dark web equivalent are both up and running. The Doxagram administrator who spoke to The Daily Beast claims that the site has made over $4,100 so far.

      “I’m pretty satisfied, especially considering most of it was over the weekend,” they said.

      Neither Facebook or Instagram immediately responded to emailed questions on Monday, but an Instagram spokesperson previously told The Daily Beast in a statement, “We now also know that some individuals are attempting to sell the contact information that was obtained. We take people’s security very seriously and are working closely with law enforcement on this matter. We encourage people to be vigilant about the security of their account and exercise caution if they encounter any suspicious activity such as unrecognized incoming calls, texts and emails.”

      In a blog post published Friday, Instagram’s chief technology officer and co-founder Mike Krieger wrote, “We are very sorry this happened.”

      READ THIS LIST

      DAILY BEAST
      • Cheat Sheet
      • Politics
      • Entertainment
      • Media
      • World
      • Innovation
      • U.S. News
      • Scouted
      • Travel
      • Subscription
      • Crossword
      • Newsletters
      • Podcasts
      • About
      • Contact
      • Tips
      • Jobs
      • Advertise
      • Help
      • Privacy
      • Code of Ethics & Standards
      • Diversity
      • Terms & Conditions
      • Copyright & Trademark
      • Sitemap
      • Best Picks
      • Coupons
      • Coupons:
      • Dick's Sporting Goods Coupons
      • HP Coupon Codes
      • Chewy Promo Codes
      • Nordstrom Rack Coupons
      • NordVPN Coupons
      • JCPenny Coupons
      • Nordstrom Coupons
      • Samsung Promo Coupons
      • Home Depot Coupons
      • Hotwire Promo Codes
      • eBay Coupons
      • Ashley Furniture Promo Codes
      © 2023 The Daily Beast Company LLC