6 million Instagram accounts affected due to a security bug
It’s time to enable 2-step verification, because hackers will not stop finding new ways to exploit security flaws.
The recent hack of Selena Gomez's Instagram account was all over the news. Even if you do not follow celebrity gossip, this matters to you and the 700 million other active users of Instagram.
Just after the Gomez hack, a marketplace opened selling the phone numbers and email addresses of 6 million Instagram users. Contact information went on sale for as little as $10, payable in bitcoin.
The hack was made possible by a security bug that allowed the data leak. The hackers responsible claim to have stolen the contact details of high-profile Instagram users, including Cristiano Ronaldo and Jennifer Lopez.
Instagram's CTO commented that the security bug was fixed right away and that no passwords or other data were revealed.
What’s the takeaway?
Our cybersecurity expert Kęstas Malakauskas notes that this is an ongoing process that requires vast knowledge, expertise and accuracy across a wide variety of technical and procedural controls. In recent years we’ve seen a few massive account detail compromises and leaks (LinkedIn, Fitbit and others).
Companies providing social services need to adopt a security-by-design framework and have good orchestration of technological and procedural controls in place to safeguard their assets and provide secure and reliable APIs to customer data, without any possibility of bypassing the Confidentiality, Integrity, Availability (CIA) principles. But obviously this is an area that ordinary customers cannot control or influence much.
“It is just a matter of time before there will be another X vulnerability identified or exploit created in Y product or software. Social media and private accounts (especially the ones owned by celebrities, politicians, journalists) will always be an interesting target for criminals for a variety of motives,” concludes Kęstas.
What can you do?
The good news is that all of us are able to introduce additional safeguards to stay safe online and secure personal details.
7 cyber hygiene tips to prevent hackers from getting into your personal accounts:
- Check websites for an encrypted session (HTTPS) and valid certificates. It must be in place whenever you use your online banking or other personal online accounts. Always look for the green lock in the browser address bar, which indicates that you are on HTTPS and the certificate is valid.
- Read the terms of service. Yes, we know it’s hard. But make sure you allocate some time to read the terms of service of the specific service you are signing up for. This can shed some light on the best practices the company follows to secure your personal data.
- Use complex passwords. Don’t use your name or surname, your kids' names, pets' names or similar wording that could easily be gathered through light reconnaissance of your social media profiles. “Password123” is not safe either.
- Change your password on an ongoing basis. Some services will enforce changing old passwords, but others might not have such a policy. This will prevent hackers from probing or guessing your passwords to gain access to your account.
- Don’t post your personal details. Your phone number, email address, home address, etc. should not be visible on any social media accounts.
- Enable two-factor authentication (2FA). This will prevent hackers from accessing your personal account (or at least make it challenging for them) even if the actual account credentials are compromised.
- Think before you click. Make sure you click links (or open attachments) only from reliable senders that you definitely know.