According to recent reports, hundreds of users have been locked out of their Instagram accounts since July this year. It is speculated that these individual attacks are all part of the same hack, although Instagram has yet to investigate or confirm this.
A wide range of Instagram users are being logged out, having their handles and profile avatars altered and their bios deleted. What is more, when trying to reset their password, users have found their account has been linked to a new email address with a Russian domain. Many victims did not have two-factor authentication enabled, but disturbingly some did. The attack made headlines across Twitter, with users desperate for help from Instagram. Although Instagram acknowledged the concerns in a recent post, many found its security advice inadequate.
However, Instagram announced yesterday that it was introducing three new security tools designed to “keep Instagram safe”. The first of these is an extension of the verification tool. This was introduced in 2014 but was designed exclusively for users who were highly susceptible to impersonation, such as celebrities, politicians and global brands. The elusive blue check, however, can now be requested by any Instagram account as a way to “confirm the authenticity, uniqueness, completeness, and notability of each account”, according to co-founder and CTO Mike Krieger.
The second tool being rolled out is a new “About This Account” feature, allowing users to view certain details of accounts “that reach large audiences”, according to the post. This information includes when the account was created, its location, any former usernames, shared followers and any ads being run by the account. This feature was designed to tackle the growing issue of ‘fake news’ plaguing Instagram and many other social media platforms.
Finally, Instagram is introducing a new, more secure form of two-factor authentication after being heavily criticised for its use of SMS-based authentication, which is dangerously susceptible to SIM-hacking. The new method will instead allow users to utilise a third-party authentication app such as LastPass Authenticator or Google Authenticator when logging into their accounts. These third-party authentication apps create random codes that change every minute, are accessible without an internet connection and are significantly less susceptible to interception by hackers.
Instagram has been particularly susceptible to account hacks in recent years due to a growing market for stolen account usernames, also known as handles. Those in the trade explain that some usernames can sell for around $500 – $5,000 in online marketplaces. For example, several hackers claim that the Instagram account @t recently sold for around $40,000 worth of Bitcoin. These usernames are stolen by attackers hijacking users’ phone numbers, which are linked to the Instagram account, and taking control of the SIM to re-route all texts and calls to a different SIM card.
These three tools are being rolled out in an effort to bolster account safety and increase trust. The company is aware that it has more work to do to keep bad actors off Instagram, but Krieger explains that they are “committed to continuing to build more tools to do just that”.
Instagram is one of many companies bolstering their security and risk strategies. This is because they know that attackers will exploit the vulnerabilities of those businesses that fail to recognise and locate their cybersecurity risks. It is becoming increasingly important for businesses to invest in their security needs, developing effective security strategies that are both proactive and reactive. Contact us today to see how Agilient can help you protect your business.