Instagram User? Ways To Avoid Falling For Account Theft
Just like other social media platforms before it, such as Twitter and Facebook, Instagram (which is also a Facebook property) has experienced massive growth of its user base over the last 3 years. The Instagram app used to be an iOS exclusive, but once it opened its doors to Android it exploded to a whole new level, becoming a rival not only of Twitter but also of its parent company, Facebook. The unfortunate side of becoming a very popular app is that it attracts the attention not only of typical Android/iOS users, but also of those who want to “profit” from big data for not-so-good reasons: the hacker community.
But before we discuss Instagram's cybersecurity readiness, we need to lay the foundation first: for all intents and purposes, an account “getting hacked” is a misnomer. Yes, a misnomer, as the correct term is “stolen.” A popular app such as Instagram has a state-of-the-art user database system that keeps usernames and passwords in a secure salted hash format. Converting this salted hash information back into usernames and passwords through clever reverse engineering is impractical for a hacker. The encryption standard of AES-256bit is too strong and too complex for even the supercomputers of today to brute-force decrypt in a reasonable amount of time. No hacker will wait 25, 50 or 75 years for a brute-force decryption to complete.
When a user claims that his account was hacked, whether it is a Facebook, Twitter or Instagram account, the most probable explanation is that he became a victim of a phishing attempt. Phishing messages are sent by an attacker to the target user in an attempt to steal enough information for the attacker to ‘pretend’ to be the user. This may take the form of stealing the user's credentials through a malicious form, a keylogger infection, or forwarding the user to a legitimate-looking website that imitates a genuine web service site.
Of course, the more popular the user is on Instagram (or any social media platform for that matter), the bigger the chance that troublesome individuals on the platform will target him. At first, a friendly exchange of pleasantries may occur, until the attacker gains the trust of the target user. Once trust has been established, it becomes easier for the attacker to redirect the target to a phishing link or malicious website. A healthy level of skepticism about whom to trust online should be practiced not only by popular personalities on social media, but by everyone.
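One way to apply that skepticism to a link before opening it, as an added example that is not part of the original article: the check below compares the host a link really points to against the genuine domain and names the look-alike trick it finds. The function names, the `GENUINE_DOMAINS` list, and the `.example` sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as the genuine service.
GENUINE_DOMAINS = ("instagram.com",)

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str) -> str:
    """Return 'genuine host' or 'suspicious: <reason>' for a link from a message."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "suspicious: not an https link"
    if parts.username is not None or parts.password is not None:
        # In https://instagram.com@other.example/ the real host is other.example.
        return "suspicious: text before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    if not host:
        return "suspicious: no host"
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "suspicious: internationalized host can imitate Latin letters"
    for domain in GENUINE_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "genuine host"
    for domain in GENUINE_DOMAINS:
        brand = domain.split(".")[0]
        if brand in host:
            return "suspicious: brand name inside an unrelated domain"
        if any(_edit_distance(l, brand) <= 2 for l in labels):
            return "suspicious: near-miss spelling of the brand"
    return "suspicious: unrelated domain"

# Constructed sample links (the .example hosts are placeholders, not real sites).
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.login-check.example/accounts/login/",
    "https://instagrarn.example/accounts/login/",
    "https://instagram.com@verify.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):55} {link}")
```

A "genuine host" result only confirms where the link points; it does not vouch for the message that carried it.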
One of the best practices when it comes to social media interaction is establishing separate social media pages for personal and business/professional use. This way, the contacts are stored separately, and business/professional contacts are not included in the “notifications” when the user posts content categorized as “personal.” This is also a great filter to keep personal contacts from learning about your professional/business content. The professional page can also be locked down so that it is viewable only by the user’s professional/business contacts, filtering out people who are just “curious.” It is imperative not to give 3rd parties even a small window of opportunity to take over your social media account; take control of your own security. As an added bonus, all mainstream social media platforms offer two-factor authentication. A 1-time code will be sent to the user’s registered mobile number, and it is needed to complete the login to the account. This adds a strong layer of security over a plain password login.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as a security consultant while continuing to write for Hacker Combat in her limited spare time.