Instagram Flaw Exposed Information of Six Million Users
By: Jim Stickley and Tina Davis
September 18, 2017
Another recent data breach involved an action that led to private information of many people, including celebrities to be stolen by hackers. The site was Instagram and due to a “bug” in the product’s code, the hackers didn’t have to do quite as much work to get that information that is likely to end up for sale on the Dark Web. That’s because they were able to exploit that vulnerability and access phone numbers and email addresses of Instagram users.
While researchers don’t believe passwords were accessed, it is probably a good idea for everyone with an account on Instagram to change them. If they were part of the data, it’s possible for the thieves to reset passwords by initiating a password reset process, which is completed via the email address (which was stolen) associated with the accounts.
Make sure all passwords are at least eight characters, include numbers, special characters, and both upper and lower case letters. They should also not be used on any other online site.
In addition, as with any online account use the multifactor authentication option. This is a relatively new feature of Instagram, but is available and recommended. To use it:
- Go to your user profile in the app and click on the profile icon.
- Click the “options” or the sprocket icon, usually in the upper right corner.
- Scroll down and touch the “Two-Factor Authentication” (2FA) option, then turn it on. In order to use it, a phone number that can accept text messages must be entered into the profile.
As a nice feature of the 2FA, you can take a screen shot of additional backup codes in case you cannot receive text messages for some reason and want to log in to your account.
According to Kaspersky Labs, it was still a quite labor-intensive process to gain access to the information, but apparently the value made it worth the criminal’s time to get it. A representative from Instagram, which is owned by Facebook, said the flaw has been fixed, but the horse has already left the barn for the reported six million users who were victims.
The issue was discovered when nude photos of Selena Gomez were posted to her Instagram feed; and she wasn’t the one who posted them. Other celebrities named who also were victims include Lady Gaga, Zac Efron, Snoop Dog, and Taylor Swift among many others. In a blog post, Instagram wrote, "Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts." According to Motley Fool, there are 700 million monthly active users of the service.