Instagram experienced a major hack last week that exposed the telephone numbers and email addresses of some of their top users, including major celebrities. The hack illustrated the fact that no one — not even one of the biggest social media platforms in the world — is 100 percent safe from cyber criminals. The Verge reports that Instagram doesn’t know exactly which accounts were affected by the hack. However, the attackers claim to have information on 6 million users, out of the 700 million total Instagram accounts, which means that less than 1 percent of users’ information was compromised.

The bug that allowed atackers to gain access to private information was discovered in Instagram’s API. According to the Telegraph, the bug was in the password reset section of the app. The hackers were able to send a password reset request and then intercept the information, which included phone numbers and email address. The vulnerability was in a version of Instagram from 2016, which means that anyone with an up-to-date account was safe. The company initially reported that only verified users had been targeted, but later reports revealed that some unverified accounts were at risk as well.

While no passwords were compromised, the danger of a hack like this is twofold: 1. The private contact information of celebrities has been released and, 2. Possession of this information makes it easier for an attacker to gain control of accounts.

After the hack was revealed, the attackers set up a searchable database they called Doxagram that included a list of 1,000 accounts. People could search the site for $10 a search, and the list included the top 50 most followed Instagram users, as well as many well-known celebrities, including Emma Watson, Zac Efron, Leonardo DiCaprio, Channing Tatum, Harry Styles, Beyoncé, Lady Gaga, Rihanna, Taylor Swift, Katy Perry, Adele, Snoop Dogg, and Britney Spears, among others. The site was taken offline early Friday evening, but not before contact information had been bought and sold.

As an example of how easy it can be to use social engineering to determine a person’s password once you have their phone number and/or email address, Selena Gomez’ account was not only compromised, but also hacked. The account was taken down after naked photos of her ex-boyfriend Justin Bieber were posted on Monday. It’s been restored now.

Because the hack primarily appears to have targeted celebrities, most people don’t have to do much in response. However, it might be a good idea to take this opportunity to set up a couple more security checks on your account. First, change your password to a string of words that make up a phrase that’s easy for you to remember, but hard for a cyber criminal or a computer to crack. Then, set up two-factor authentication for your Instagram account. This ensures that anyone who is trying to get into your account won’t be able to do so without access to your phone, too. Finally, make sure that Instagram — and all of your apps — is updated.