Instagram reported a security breach to users on Thursday and said that people’s email address and phone number could be accessed via a bug even if they were not public. However, the company added that no passwords or other Instagram activities were revealed, said in on its blog.

The company added that it could not determine the number of accounts which were affected but it added it believes it was a low percentage of Instagram accounts. Hackers said they have information on file for 6 million users, as per The Verge.

“Out of an abundance of caution, we encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails,” it added. Meanwhile, the company added that it has fixed the bug which allowed the vulnerability.

“Additionally, we’re encouraging you to report any unusual activity through our reporting tools. You can access those tools by tapping the “…” menu from your profile, selecting “Report a Problem” and then “Spam or Abuse.”

Hackers established a searchable database called Doxgram which allowed users to search for contact information for $10 per search. Around 1,000 accounts were available through Doxgram and included 50 of the most followed accounts, Daily Beast reported.  Doxgram, as on Friday, is offline.

Things to note

Instagram says that it does not how many accounts were affected but the hackers seem to target verified accounts. The hack also seemed to target singer Selena Gomez, Instagram’s most followed account. Gomez’s account was briefly taken down after hackers posted nude photographs of Justin Bieber, her ex-boyfriend. But that does not mean that unverified users are not vulnerable. The hack could mean that users will have to change their phone number, email address, or both.