It seems like we hear about a new data breach every week. Thanks to one of the most recent breaches, you could be only ten dollars away from getting in touch with your favorite A-list celebrity. Instagram — the Facebook-owned photo sharing company — was recently hacked due to a flaw in the program. Most recent reports indicate up to six million Instagram users’ email addresses and phone numbers may have been made public due to the data breach.

While the breach initially appeared to affect only celebrities and verified accounts, it has now been shown to affect a much wider range of accounts.

Instagram recently announced that it had fixed the flaw that apparently allowed unauthorized hackers to access the email addresses and phone numbers connected to Instagram accounts, even though the information was supposed to be private and inaccessible.

Before Instagram fixed the flaw, the hacker(s) seemed to have stolen data that they are now selling online for $10 in Bitcoin per record, calling the searchable database of Instagram information “Doxagram.” RepKnight reports that the accounts being offered for sale relate to Taylor Swift, Leonardo Di Caprio, Floyd Mayweather, among other high-profile celebrities. It also says accounts operated by high-profile brands and organizations, including Adidas, NASA, and Nike, are also being offered for sale. While all Doxagram domains are currently offline, the Dark Web domain is still running.

Even without the passwords to these accounts, the hacked emails and phone numbers are dangerous as attackers can search for the emails in previous data breaches like LinkedIn and MySpace. If the targeted account is in the list, the victim may have never changed their old password and may use the same password for their Instagram and other accounts. If so, this will allow the attacker to access the Instagram account and all others linked with the email. Even worse, the attacker can phone phish a victim to gain personal and banking information.

The Instagram data breach is yet another reminder that individuals and businesses alike need to take steps to protect their information. So, how can you protect yourself?

  1. Use Instagram’s multifactor authentication.
  2. Change your password, regularly.
  3. Have a strong password. A good practice is to make a memorable but unique phrase by stringing together a few words.
  4. Don’t reuse previously used passwords.
  5. Use a different password for all of your accounts.
  6. Log out of all accounts on shared devices.
  7. Do not save your password on browsers.
  8. Keep an eye out for suspicious activity on your account, and any unrecognized incoming calls or emails. Never respond to emails asking you to reset passwords if you did not request a password change. If you receive an unsolicited request to change your password, contact the website.