Social media is now used by an incredibly large portion of the global population. It allows us to connect and chat with old and new friends, as well as those from all around the world. It also facilitates the mass sharing of information between people as they post and send links around. You can also upload your favorite pictures to let your friends and followers know what you are up to. Although, there is a downside to social media, which would be that so many people are putting their personal information online that it becomes a treasure trove for cyber criminals. They want the personal data that people are so freely posting online, and we have already seen attacks on these types of sites before. In a recent event, Instagram said that hackers were able to access the accounts of some high-profile users.
How the Hackers Gained Access
This news comes two days after Selena Gomez’s Instagram account had been hacked and nude pictures of her ex-boyfriend Justin Bieber were posted on the page. Gomez is Instagram’s most followed user, meaning that these pictures were seen by a large number of other users. The account was quickly taken down and then appeared back online shortly after with the nude photos removed. The reports from Instagram and other sources do not disclose any details in regard to the specific accounts that were affected by the hacks, nor how many. The vulnerability that allowed the attacks to occur was within the social media platform’s application programming interface (API), which is used to communicate with other apps. Exploiting this vulnerability apparently allowed the perpetrators to gain access to the user’s phone numbers and email addresses, but no passwords were obtained. This type of stolen information could still be used as part of malicious social engineering tactics to potentially gain illicit access to user accounts. Instagram has notified their verified account users about the possible leak, and advised users to be wary of unrecognized emails, texts, and calls.
As mentioned above, this is not the first social media hacking or breach incident that we have seen over the years. Just last year, Myspace disclosed a breach that involved around 360 million account email addresses and passwords, although the data was several years old, as it was from some accounts prior to June 11, 2013 . And in another breach, Tumblr had also discovered just last year that around 65 million user email addresses and passwords were compromised in 2013. The recent Instagram attack displays that cyber criminals are most definitely still targeting social media sites, and these platforms must ensure that their security is comprehensive enough to defend their users.
Beefing Up Cyber Security
Despite the multitude of extant threats and numerous breaches, there are still some organizations that tend to somewhat neglect cyber security. They may implement antivirus and firewalls and leave it at that, but this is simply not enough. This is not to say that Instagram is guilty of this, as it is highly improbable that their cyber security is that minimal, but some organizations are in this state. Modern threats are more advanced and insidious than ever, and extensive and proactive defenses need to be in place to properly protect customer and organizational data. This includes implements like intelligence about the threat landscape, and monitoring to prevent infiltration in real time. It also includes regular meticulous review of security measures to detect even the most minute vulnerabilities, such as the one discovered within Instagram’s API. Massive Alliance offers a number of tools and services that can help organizations of all sizes to bolster their cyber security.