Johannesburg - As news emerge that millions of Instagram accounts may have been compromised by a hack believed to be targeting only celebrities' accounts, the hack appears to have not affected local celebrities and users yet.

This is according to ESET South Africa, which earlier revealed that almost six million Instagram accounts might have also had their private information stolen following a hack of international celebrities' accounts. 

Among those affected was singer Selena Gomez, whose account hacked and nude pictures of her ex-boyfriend Justin Bieber posted to users. 

Another alleged victim of the hack was the official account for the President of the United States of America, which is run by the White House social media team.

Instagram's Chief Technology Officer and co-founder Mike Krieger has since gone on to say that a bug had been discovered on the social media platform "that could be used to access some people’s email address and phone number even if they were not public".

"No passwords or other Instagram activity was revealed. We quickly fixed the bug, and have been working with law enforcement on the matter."

Carey van Vlaanderen, CEO of ESET SA, explained that while the attack has left both celebrities and normal users vulnerable, it has not yet extended to local celebrities. 

ALSO READ: Six million Instagram accounts hacked

"It has affected both celebrities as well as private users. It was originally aimed at A-list celebrities abroad, but has become a much bigger attack as it has affected six million accounts with private information expected to have been stolen. 

"It was said at first that it was only celebrities (not in South Africa, but in the US), but now has reached ‘regular’ accounts."

She further explained how the hackers may have managed to gain access to celebrities' accounts, saying it was "most likely a targeted brute-force attack targeting a specific celebrities account testing millions of username and password combinations until a valid combination is found" 

The same concept can be applied to password resets, secret questions, promotional and discount codes, and other “secret” information used to identify a user, she added.

"Attacks like this cannot be contained it’s up to the user to practice good password etiquette and maintenance," she said. 

Van Vlaanderen offered users tips on how best to protect their accounts from attacks of this nature. 

"First and foremost passwords need to be changed. We advise that not one password is used across social accounts. Users should do this even if they have not been a victim of the attack.

"Log out of your accounts on shared devices. If you have a shared PC or mobile device, always remember to log out of your account and never let a browser store your password for you."

Additionally, users were advised to check their privacy and security settings and make sure they regularly review their social media settings.