Is it possible to hijack an Instagram account? Yes, in the past month several users (the number not yet confirmed) have no access to their profiles. They found their username changed, with a profile photo of someone else and an unknown e-mail address and phone number.
In July, the account of a radio producer with the nickname "Salasa" was hacked. "One day I wanted to enter my account and I could not access it, I assumed that I had forgotten the password, then I put & # 39; get password & # 39; and sent me an e-mail & # 39, he explains to Infobae.
He continues: "But that e-mail was sent to an account that was not mine and that ended in & # 39; .ru & # 39 ;, for which I am neither username nor password. The account remained active. And whoever has taken it places photos of women in the profile and sets it as private. "
The producer feared for his personal images, reported the problem several times to Instagram (with the help of other users in his environment who also did it) they did.) Finally he was able to restore the account.
Today he says that he counts on his Instagram account with "strange" followers (for example from Senegal), the fruit of those "account taken" hours.
This case was one of many that the laboratory of cybersecurity company Kaspersky has As they explain, there is still no valid information about how criminals work to access user Instagram profiles.
Anyway, as they indicate, the most common method for this type of attack is phishing of personal information via a fraudulent source, such as a fake site, for example) In 2018, the products of the Russian company already avoided about 68,000 attempts to visit phishing pages with the brand Instagram.
This & # 39; wave of hacking & # 39; took place at the end of July of this year with a & # 39; D-day & # 39; : July 31 On that date, the number of phishing attacks rose from about 150 per day to almost 600.
On August 14, Instagram decided on these attacks on his blog. They say they are aware of the problem that affects different users when they open their accounts. They claim to investigate the problem.
What to do?
The social network proposes to visit their help center. It also recommends that, if the user receives an Instagram email, notifies a change to the email address that they have not initiated, they should click on the & amp; & nb; in the e-mail and then change the password.
In addition, they recommend not granting access to a suspicious third-party application and activating 2-step verification for better security (the second step is to send SMS).
In this sense they claim to work on additional functions to calculate better security.
According to Infobae Lucas Paus, expert in cybersecurity and researcher at Eset Latin America: "We can conclude that these were not phishing cases, although there is of course a increase in this type of incidents, this was not the case because they could also compromise accounts by skipping the 2FA (second authentication factor). "
For the expert there are then two options to understand what it is what happened "We might suspect that if information leakage were on the side of the platform, it is likely to be associated with misuse of vulnerabilities," he says.
In this sense, users can not prevent their information from coming to their hand. of the attackers. "The responsibility for handling the information stored in the application corresponds to the social network," he says.
Secondly: "If the attack was aimed or directed directly at the users of the platform, we could be in the presence of a botnet, which is spyware installed on thousands of devices involved. 2FA dodge, in contrast to phishing sites. "
Pope clarifies that this was not the case, but most account hacking can be prevented by activating 2FA.  "Those profiles with characteristics such as weak or reused passwords in other services, profiles that have not activated the 2FA and accounts that are public or have thousands of followers, will undoubtedly be the profiles that are most frequently sought by cyber criminals", he says.
The security tips are recurring, but it is always worth remembering:
– Always use strong passwords and do not repeat them in different applications.
– Configure the profile as private, where possible, and activate the 2FA.
– Use security solutions on the mobile device, that is, install an antivirus from the official store of a pps.
– Regularly update applications and operating system.
– Download a backup of all information from the application not to lose images or videos that have been uploaded to the platform only.
– Do not click on suspicious links.
– Check the address of the page where you want to enter personal information.
– Use only the official social networking application installed from a trusted source.
– Do not share information about the login of the account with third-party applications.