In a recent hack, an Instagram bug was exploited to gain unauthorised access to about 6 million user accounts and their credentials. The hackers made use of a bug in Instagram’s API and gained access to high-profile users’ contact numbers and email addresses. Instagram has not provided any information regarding who the affected users are or how the hackers gained access to users’ Instagram accounts. However, this news came two days after hackers gained access to the account of Instagram’s most-followed user, Selena Gomez, and posted private pictures of her ex-boyfriend Justin Bieber.
Kaspersky has conducted an in-depth analysis of the latest Instagram hack. They have provided us with the technical details and a brief analysis of how the perpetrators gained access to a platform as popular and supposedly “secure” as Instagram.
Kaspersky researchers discovered that the vulnerability which allowed hackers to gain unauthorized access to Instagram exists in version 8.5.1 of its mobile app, which was released back in 2016. The current version of the Instagram mobile app is 12.0. Researchers point out that the attack method was relatively simple. Using the outdated application, the attacker selects the reset password option and captures the request using a web proxy. Then they target a victim and send a request to Instagram’s server carrying the target’s username. The server returns a JSON response with the victim’s personal information, including sensitive data such as email and phone number.
Although the attack is simple, it is quite a labor-intensive task: each attack has to be done manually, since Instagram uses mathematical calculations to prevent attackers from automating the request form. Kaspersky also reveals that the hackers were spotted on an underground forum, trading the personal credentials for celebrity accounts.
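The flaw described above is a password reset reply that returns the account's contact details to whoever supplied the username. The following is an added example, not code from Kaspersky's analysis or from Instagram: it places that pattern beside a hardened handler and a regression check for leaked contact data, and every function name, field name and account record in it is a constructed assumption.

```python
import re

# Constructed account record; all field and function names here are hypothetical.
USERS = {"target_user": {"email": "jane.doe@example.com", "phone": "+1 415 555 0123"}}

# Fields an unauthenticated password-reset reply is allowed to carry.
PUBLIC_RESET_FIELDS = {"status", "message"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


def reset_vulnerable(username):
    """Pattern the article describes: only a username goes in, contact data comes back."""
    user = USERS.get(username)
    if user is None:
        return {"status": "fail", "message": "No such user"}
    return {"status": "ok", "email": user["email"], "phone": user["phone"]}


def reset_hardened(username, outbox):
    """Deliver the reset out of band and reply identically for known and unknown users."""
    user = USERS.get(username)
    if user is not None:
        # The link goes to the account owner only, never into the API reply.
        outbox.append((user["email"], "password reset link"))
    reply = {"status": "ok", "message": "If the account exists, a reset link has been sent."}
    # Allowlist filter: anything outside PUBLIC_RESET_FIELDS never leaves the server.
    return {k: v for k, v in reply.items() if k in PUBLIC_RESET_FIELDS}


def leaked_contact_data(reply):
    """Regression check: names of reply fields whose value looks like an email or phone."""
    hits = []
    for key, value in reply.items():
        if isinstance(value, str) and (EMAIL_RE.search(value) or PHONE_RE.search(value)):
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    outbox = []
    print("vulnerable leaks:", leaked_contact_data(reset_vulnerable("target_user")))
    print("hardened leaks:  ", leaked_contact_data(reset_hardened("target_user", outbox)))
```

A check like `leaked_contact_data` belongs in the API test suite for every endpoint reachable without a session, so that a legacy client path cannot reintroduce the leak unnoticed.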
Altaf Halde, MD, South Asia, Kaspersky Lab, advises users who are still running older versions of the Instagram software to immediately update to the latest available version. Kaspersky also advises users to stay safe on social media by using different email addresses for different social platforms, reporting any concerns or irregularities to the network and, most of all, alerting the corresponding service immediately if they receive emails about a password restore that they have not initiated. Kaspersky has already shared this brief technical analysis with Instagram.