Instagram and Facebook appear to be taking an aggressive defensive tactic against hackers who allegedly compiled contact information from 6 million Instagram users, but it might not be enough.
On Thursday, a hacking group created a website dubbed “Doxagram” that sold the email addresses and phone numbers of high-profile accounts, including the official President of the United States account, Christiano Ronaldo, Jennifer Lopez, Drake, and even personal information from some non-verified users. Each searchable entry cost $10 in Bitcoin. At first, the data was sold on a .com site until a web host kicked the hackers from the domain. The hackers were then reportedly kicked from .su and .ws domains.
Now, Instagram and Facebook are doing all they can to make sure the group doesn’t find a new home.
https://twitter.com/josephfcox/status/905000462000295936
According to online records discovered by the Daily Beast, the two social giants registered hundreds of Doxagram domains over the past few days. This should make it difficult for the hacking group to find a new place to sell after it gets booted by a domain host. The hope will be to force the hackers onto a site that’s difficult for prospective buyers to find, or push them offline entirely. It appears Instagram has purchased at least 280 domains, including doxagram.lol, doxagram.sexy, and doxagram.org, according to records by Passive Total.
But its efforts may be in vain. It would be impossible for Instagram to purchase every Doxagram domain, and even if it did, the hackers have already moved to the dark web where they can create and manage their own domain. The dark web, home to illegal activities such as child pornography and the sale of drugs, is only accessible using specialized software.
The owners of Doxagram claim their site made more than $4,100 so far. Both a normal web version and dark web site are reportedly live as of Tuesday morning.
H/T Daily Beast