News | HiddenRefer

Navigation

  • Home
  • Cloud
  • Crime
  • Cyber
  • Data Breaches
  • Drug Raids
  • Privacy
  • Security
Subscribe
News | HiddenRefer

The Best Curated Freebies in One Place

0
0
0
0
News | HiddenRefer
  • Home
  • Cloud
  • Crime
  • Cyber
  • Data Breaches
  • Drug Raids
  • Privacy
  • Security
  • Data Breaches

Following Instagram breach, users urged: Protect accounts with 2FA

  • September 7, 2017
  • hiddenrefer
Instagram breach
Total
0
Shares
0
0
0
Advertisements

Following an API vulnerability privately reported by Kaspersky Lab to Instagram, the Facebook-owned service issued a warning to its high-profile users, urging them to use 2FA to protect their accounts, as well as to exercise caution in relation to suspicious emails, phone calls and text messages. The security hole caught Kaspersky Lab’s attention after their researchers spotted celebrities’ personal details being offered for sale in an underground forum.

Shortly after reporting the initial news of the Instagram breach, security publisher Ars Technica received an email from a person who claims to have pilfered details of six million Instagram accounts. This person also claimed that they are now peddling the phone numbers and email addresses of these accounts on an online blackmarket store, selling them at $10 a search. Each search yields a phone number or email address, if available. To establish their credibility, the hacker provided a sample of 10,000 records, which after further investigation by Ars, appear to be genuine.

Kaspersky Lab reported that the flaw relied on exploiting an older version of the Instagram app released last year, and that it utilized the password-reset option. Instead of directing the password-reset request to Instagram’s servers, the attackers sent it to a web proxy. This enabled them to get their hands on the request’s code, replace the original username with that of a targeted celebrity, and then forward it to Instagrams’ genuine servers. The latter, in turn, replied with the targeted celebrity’s email address and phone number.

Instagram has since patched the API hole, and according to its statement the bug could only be “used to access some people’s email address and phone number even if they were not public. No passwords or other Instagram activity was revealed.”

Was the vulnerability in question tied to the Selena Gomez Instagram incident, in which private pics of her ex were unknowingly posted on her account? Looking at the Instagram statement, and the records being sold in the underground, no passwords were revealed—so there is no clear connection. Theoretically, one could use the pilfered phone number and email for an attack involving social engineering, such as a phishing or SMiShing attack.

In any event, by turning on two-factor authentication, Instagram is urging its users to step up their security. With 2FA enabled, each time an account is accessed from a new or unrecognized device, Instagram users are required to enter a one-time-passcode sent to them via an SMS text message, substantially mitigating the risk of various types of abuse and exploits.

How do you protect your users from an incident like Instagram’s breach? Learn how multi-factor authentication can help you thwart different types of attacks. Read the Security Survey of Strong Authentication Technologies – White Paper, or visit Safenet.Gemalto.com/Multi-Factor-Authentication.

 

 

 



Total
0
Shares
Share 0
Tweet 0
Pin it 0
hiddenrefer

Previous Article
Game of Threats: It’s Time for a New Data Security Script
  • Data Breaches

Game of Threats: It’s Time for a New Data Security Script

  • August 1, 2017
  • hiddenrefer
View & Download
Next Article
Data breach statistics 2017: First half results are in
  • Data Breaches

Data breach statistics 2017: First half results are in

  • September 21, 2017
  • hiddenrefer
View & Download
You May Also Like
ARcare reports breach; Smile Brands updates its disclosure to 2.6 million affected
View & Download
  • Data Breaches

ARcare reports breach; Smile Brands updates its disclosure to 2.6 million affected

  • hiddenrefer
  • April 26, 2022
Exposing a campaign that intimidated researchers and journalists
View & Download
  • Data Breaches

Exposing a campaign that intimidated researchers and journalists

  • hiddenrefer
  • April 24, 2022
Lewis and Clark Community College sends out notifications concerning ransomware incident
View & Download
  • Data Breaches

Lewis and Clark Community College sends out notifications concerning ransomware incident

  • hiddenrefer
  • April 22, 2022
Pro-Iran hackers target Israel Airports Authority website; Israeli portal also hit
View & Download
  • Data Breaches

Pro-Iran hackers target Israel Airports Authority website; Israeli portal also hit

  • hiddenrefer
  • April 21, 2022
Has a security researcher been scared away?
View & Download
  • Data Breaches

Has a security researcher been scared away?

  • hiddenrefer
  • April 20, 2022
SuperCare Health Sued After Data Breach
View & Download
  • Data Breaches

SuperCare Health Sued After Data Breach

  • hiddenrefer
  • April 14, 2022
Motta's LinkedIn Profile
View & Download
  • Data Breaches

‘Ethical Hacker’ Was Anything But

  • hiddenrefer
  • April 12, 2022
East Tennessee Children’s Hospital updates information on ransomware incident
View & Download
  • Data Breaches

East Tennessee Children’s Hospital updates information on ransomware incident

  • hiddenrefer
  • April 8, 2022
  • Twisted diary of alleged Buffalo shooter Payton Gendron reveals his online radicalization
    Twisted diary of alleged Buffalo shooter Payton Gendron reveals his online radicalization
    • May 17, 2022
  • California church shooting suspect David Chou charged with murder
    California church shooting suspect David Chou charged with murder
    • May 17, 2022
  • Brush fire contained near Griffith Observatory, person detained
    Brush fire contained near Griffith Observatory, person detained
    • May 17, 2022
  • Glendale apologizes for sending alert to Los Angeles County
    Glendale apologizes for sending alert to Los Angeles County
    • May 17, 2022
  • Woman arrested after ramming into patrol car, police say
    Woman arrested after ramming into patrol car, police say
    • May 17, 2022

Featured Categories

Cloud Security
243 Posts
View Posts
Crime News
3152 Posts
View Posts
Cybersecurity
202 Posts
View Posts
Data Breaches
70 Posts
View Posts
Drug Raids
122 Posts
View Posts
Privacy
93 Posts
View Posts
Security
979 Posts
View Posts
about
Navigation
  • Home
  • Cloud
  • Crime
  • Cyber
  • Data Breaches
  • Drug Raids
  • Privacy
  • Security
Featured
  • Twisted diary of alleged Buffalo shooter Payton Gendron reveals his online radicalization
    Twisted diary of alleged Buffalo shooter Payton Gendron reveals his online radicalization
    • May 17, 2022
  • California church shooting suspect David Chou charged with murder
    California church shooting suspect David Chou charged with murder
    • May 17, 2022
  • Brush fire contained near Griffith Observatory, person detained
    Brush fire contained near Griffith Observatory, person detained
    • May 17, 2022
  • Glendale apologizes for sending alert to Los Angeles County
    Glendale apologizes for sending alert to Los Angeles County
    • May 17, 2022
  • Woman arrested after ramming into patrol car, police say
    Woman arrested after ramming into patrol car, police say
    • May 17, 2022
News | HiddenRefer
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Input your search keywords and press Enter.