This Instagram Hack Goes Beyond Celebrity Accounts
Instagram has acknowledged it was breached last week. According to reports, as many as six million accounts may have been compromised. Hackers have reportedly created a dark web database of users’ phone numbers and email addresses; if this is true, the information is not freely available to the public. As always, IDShield is monitoring the situation for our members, and will alert them, should their personal information be found on a dark web site.
The attack involved sending a password reset request and intercepting the phone and address details sent back in response. Users’ passwords were not exposed. This hack only worked on 2016 versions of the app, meaning anyone who recently updated the app is safe. According to Instagram’s Chief Technology Officer (CTO), the bug was quickly fixed and they have been working with law enforcement on the investigation. At this time, they are unable to determine which specific accounts have been affected.
What Does It Mean?
This hack is particularly useful for attackers because it contains both email addresses as well as mobile phone numbers. Armed with this information, attackers could try and socially engineer a person by contacting them with fake fraud alerts via SMS (text message) and/or email in an attempt to convince users to provide passwords or SMS verification codes.
What Should You Do?
We encourage everyone with an Instagram account to exercise caution if you encounter any suspicious activity, such as unrecognized incoming calls, texts, and emails, as these may be phishing attempts. With this particular event, be wary of requests for passwords or verification codes.
You can help protect your personal information by keeping your operating system and all apps up to date. Be observant so you can protect yourself. Simply being mindful of common tricks puts you one step ahead of these would-be scammers.
We remind all IDShield Members to keep your account information up-to-date, including social media monitoring profiles, so that we can better monitor your information and alert you if any registered information appears in an online marketplace or in public records. Login to your account by visiting to www.myidshield.com.
IDShield monitors and provides alerts for the most popular social media accounts: Facebook, LinkedIn, Instagram, and Twitter. Members are alerted for the exposure of their personally identifiable information on image captions, posts, comments, and more. They will also be alerted for content that could potentially harm their reputation. For more information, please visit: https://www.idshield.com/plans-and-pricing.
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.