A bug in Instagram’s API that allowed hackers gain access to several high-profile accounts on Instagram, has apparently affected on a much larger scale than earlier reported. The glitch which responsible for the hack of Selena Gomez’s Instagram account earlier this week, allowed hackers to gain access to email addresses along with phones numbers associated with the account. However, Instagram confirmed it has already taken evasive measures and fixed the bug.

But multiple reports now claim that the Instagram hack has affected a far greater number of accounts. Hours after the Instagram hack was confirmed, a website called Doxgram was established, which is claimed to have stolen over 10,000 credentials. The hackers are reportedly allowing visitors to search and view personal information for $10 per search.

“After additional analysis, we have determined that this issue potentially impacted some non-verified accounts as well,” Instagram co-founder and chief technical officer Mike Krieger said in a blog post. “Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.”

However, Doxgram, the website selling stolen credentials on Instagram for $10, has now gone offline. Though chances are, it might come back online again. Moreover, even with the site no longer functioning, personal information of many high-profile Instagram accounts has been compromised, and possibly leaked on the dark web.

A cybersecurity firm called RepKnight claimed to have found what seemingly appears to be contact information for celebrities including Leonardo Di Caprio, Emma Watson, Emilia Clarke, along with Chanung Tatum. The list of hacked accounts also includes athletes such as Floyd Mayweather, David Beckham, and Zinedine Zidane.

“There are more than 700 million active Instagram accounts; hackers say they have information on file for 6 million users. Users’ passwords were not exposed in the hack, Instagram added. The Facebook-owned service says its working with security experts and low enforcement agencies to retrieve stolen information from hackers.