A recent Instagram hack could affect the accounts of millions of users. The breach became public in early September, when private photos from celebrity singer Selena Gomez’s account were shared with followers. Since then, Instagram has tried to downplay the scope of the attack, but the hackers, a Russian group going by the name of ‘Doxagram’, claim to have gathered contact details for as many as 6 million users.
The criminals have posted links to their dark-web sites on a number of public forums, advertising access to ‘celebrity contact info’ for only $10 a search. Security researchers have verified that the trove does contain information for at least 500 celebrities, including well-known names like Emma Watson and Taylor Swift. However, beyond the direct appeal to fans, the site could give criminals access to email addresses and phone numbers for almost anyone on Instagram.
A Password Reset Bug
The theft was the result of a flaw in Instagram’s mobile password reset system. Kaspersky Lab reported the vulnerability to Facebook — which also owns Instagram — and it has since been fixed, so up-to-date accounts should be secure. The 2016 version of the app sent the user’s email address and phone number in response to a request for password reset, so all hackers had to do was ask to update the password on a particular account. This made it easier to target known celebrity accounts, but it’s likely the criminals were able to gather contact details for private individuals as well.
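The flaw described above, sketched as an added example (not Instagram's code and not part of the original article): a reset handler that echoes contact details in its reply, beside one that delivers the link out of band and answers identically for every username, plus a regression check that scans a reply for stored contact values. The account store, field names and response shapes are constructed assumptions.

```python
import json

# Constructed sample account store; names and values are illustrative only.
ACCOUNTS = {
    "example_user": {"email": "jane.doe@example.com", "phone": "+15555550123"},
}
GENERIC = {"status": "ok", "message": "If the account exists, a reset link was sent."}


def reset_leaky(username):
    """Flaw as the article describes it: the reply echoes contact details."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return {"status": "fail", "message": "No such user."}
    return {"status": "ok", "email": acct["email"], "phone": acct["phone"]}


def reset_hardened(username, deliver):
    """Deliver the link out of band; reply identically for every username."""
    acct = ACCOUNTS.get(username)
    if acct is not None:
        deliver(acct["email"], "password reset link")
    return dict(GENERIC)


def leaked_contact_fields(response, username):
    """Regression check: which stored contact values appear anywhere in the reply?"""
    acct = ACCOUNTS.get(username, {})
    body = json.dumps(response)
    return sorted(k for k, v in acct.items() if v in body)


if __name__ == "__main__":
    outbox = []  # stands in for the mail/SMS channel

    def send(to, msg):
        outbox.append((to, msg))

    print(leaked_contact_fields(reset_leaky("example_user"), "example_user"))
    print(leaked_contact_fields(reset_hardened("example_user", send), "example_user"))
    print(reset_hardened("nobody", send) == reset_hardened("example_user", send))
```

The same check can run in an API test suite against every unauthenticated endpoint, so a reply that starts carrying stored contact data fails the build.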
Instagram co-founder Mike Krieger has assured users that the problem was fixed quickly once it was discovered, so no new thefts have occurred. He also highlighted the fact that account passwords were never exposed by the flaw. Facebook was able to shut down one of the hackers’ sites by buying out the domain name; however, this won’t prevent the data from being released via other means.
All Instagram Users Should be Careful
Instagram has warned all users to exercise caution with regard to calls and emails from ‘unknown or suspicious sources’. The company is also asking affected individuals to report any unusual activity via the profile links, ‘Report a Problem’ and ‘Spam or Abuse’.
Beyond this, the typical security precautions are more important than ever, both for Instagram and related accounts like Facebook and any associated emails.
· Change Your Password Regularly — Passwords were not stolen in this hack, but that doesn’t mean criminals didn’t gain access to information that will make it easier to steal your password.
· Use Strong Passwords — Use unique passwords that combine numbers, letters and special characters.
· Use Two Factor Authentication — This means criminals will need to hack two accounts to gain access.
· Log Out of Your Account — Don’t leave windows open or check ‘Remember Me’ on a shared or public computer.
· Limit Third Party Apps — Any time you give a third party app access to Instagram, you’re making it easier for hackers to find a way in.
If you think sensitive data or pictures have been stolen from your account, it’s important to act immediately to minimise the damage. Compromising pictures can cause serious reputation issues if they are shared publicly online. They can hurt your career, make it impossible to get a job, and even undermine personal relationships.
At Reputation Defender we work with individuals who’ve been victimised in this way, helping them to suppress negative content and rebuild a positive, professional online profile. Visit our website or talk to one of our specialists to learn more.