Hackers Target Instagram, Users Blame Russia: The Facebook owned photo sharing platform Instagram which has reportedly fallen victim to an attack, which do appears that have originated from Russia, according to news from The Sun. Both Mashable and Reddit have reported the use of word “hack” in their tweets related to an Instagram account. Additionally, Google Trends which shows you a significant jump in the searchers for “Instagram Hacked” occurred 7-11 August.
A tweet continues to thrash on Twitter, which results in social media meltdown that’s revealing the widespread user frustrations over the lack of response from Instagram.
One user tweeted, “your help center is so unhelpful. How am I supposed to gain access to my hacked account if all you want to do is send an email asking me to reset my password and that email has been changed to theirs???”
One of the users has advised the instagram users to immediately activate two-factor authentication. “I very much doubt 2FA was in use in the hacked accounts, so switching on 2FA will certainly prevent this type of attack,” said Andy Norton, director of threat intelligence at Lastline.
However, there have been reports that says some of the account were using the layered protection of 2FA.
“Although this is an excellent security control and should always be used, it’s not foolproof and can be defeated if someone is either able to take control of the mobile phone number the receive the text message code or if they can trick the account holder into visiting a fake version of the real website that interacts with the real website and prompts the user to enter the two-factor code,” said Rob Shapland, principal cyber security consultant at Falanx Group.
While the accounts takeover that all seems to be linking with a Russian email address which probably could be the attack from Russian hacking group, it remains possible that another group might act to be Russian.
“Having a hacked account associated with Russian email address may well signify that the attacker is a resident of that country, but it is certainly not a foregone conclusion. Email addresses are easily spoofed, either to conceal identity or to encourage fingerpointing toward the wrong place,” said Lee Munson, security researcher at Comparitech.com.