A bug related to an Instagram API allowed at least one unscrupulous individual to access the email address and phone number of an unspecified number of “high-profile” users of the app. No other personal information, like password or what have you, seems to have been exposed.
Presumably the bug didn’t specifically apply to high-profile users, but they’re really the only ones worth targeting. Who wants the email and phone number of some random kid in Queens? So depending on how obvious the API abuse was and how quickly Instagram shut it down, we’re probably talking about a few dozen, not a few hundred.
Just in case, Instagram notified all verified users of the issue in an email, saying that the bug is fixed and the security team is investigating further. They recommend setting up two-factor authentication, but as TC’s own John Biggs found out last week, you’ll want to add a few other layers too if you think you could be a target.