the staff of the Ridgewood blog
Ridgewood NJ, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) recently received several reports from NJ citizens of incidents in which Instagram accounts were hacked and the legitimate accountholder is unable to regain access to their account. In these cases, the users did not have multi-factor authentication (also known as two-factor authentication) enabled on the account prior to the compromise.
The hacker typically gains access to the account by obtaining the user’s password – often via credential stuffing or password spraying – and then promptly changes the user’s password and account details, such as associated email address and phone number, and enables multi-factor authentication. These account changes prevent the legitimate accountholder from easily regaining access to their account. After compromising the Instagram accounts, the hackers often post scams or otherwise inappropriate and unauthorized content. This is particularly damaging for business accounts for which this activity could discredit the business and cause them to lose followers and potential revenue.
The NJCCIC advises Instagram users to implement security controls that help to prevent account compromise, including establishing strong passwords and enabling multi-factor authentication where available, choosing authentication apps or hardware tokens over SMS text-based codes. Instagram provides guidance for hacked accounts on their website.
Definitions of “smartphone” and “dumbphone” should be reversed.