Is There a Glitch With IG’s Two-factor Authentication?

Securing your social media accounts is of grave importance. It's best to use every security tool the platform has provided you. But what if these tools fail to do what they're supposed to do?

People use Instagram for different things. Many of us use it just to look at aesthetic photos and get updated on what's going on with the people we love. Others go to Instagram for entertainment, especially now that Instagram Reels is a thing. 

But some use the platform for more important things. For example, influencers use Instagram to make a living. Meanwhile, celebrities use it to connect with their fans. Likewise, companies, big and small, use Instagram to connect with their consumers.

Regardless of your reason for being on Instagram, it would not be good if you lost access to it. Or worse, if someone stole it from you, as this Reddit thread details. Your hacker could use your account to scam people. And because it's your account that they're using, the victims may think it was you.

Furthermore, your Instagram account contains your private information. Hackers having access to that can put you in danger.

That said, we can't emphasize enough how important it is to make your Instagram account as secure as possible. Enabling “Two-factor Authentication” is one of the best things you can do to avoid getting hacked.

What's Two-Factor Authentication?

Two-factor authentication is your second line of defense after your password. Suppose a hacker learns what your password is. They can use that to log into your Instagram account. They'd successfully access your account if you don't have two-factor authentication enabled. On the other hand, they must complete an extra step if you have the feature enabled.

Instagram will ask them to provide a code since they are logging in from an unrecognized device. What code? The one Instagram will send you when they try to log in. They can only get that if they have your phone or ask you to give the code to them. Needless to say, you should not give them that.

Thus, enabling two-factor authentication is one of the most effective ways to prevent hacking.

How To Enable Two-Factor Authentication on Instagram

Log into your Instagram account and tap your profile picture at the bottom-right corner of the screen. Then, tap on the hamburger menu and select “Settings.” Tap “Security” and select “Two-Factor Authentication.” Choose “Get Started.”

You can set the feature to send the code to your phone via text message. Alternatively, you can select an independent authentication app, like Google Authenticator or Duo Mobile.

New Hacking Methods 

Hackers can use workarounds to access your account without needing the code from two-factor authentication. But those methods can be complicated.

If you logged into Instagram using your friend's phone after you set up 2FA, you have marked that device as “trusted.” So, you would not need a code again if you log in using that device. That said, hackers can access your account if they steal your friend's phone.

Of course, that also applies to your own phone or computer. Hackers can also access your Instagram account if they get access to either.

But that requires them to steal your devices or devices you used to log into your Instagram account. And while some hackers are also burglars, not all are like that.
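The code check and the trusted-device exception described above, sketched as server-side login logic. This is an added example, not Instagram's code and not part of the original article: the Account class, its method names and the device-token scheme are assumptions made for illustration, and the one-time code follows RFC 6238, the standard that authenticator apps implement.

```python
import hashlib
import hmac
import secrets
import struct
import time


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1), the scheme authenticator apps implement."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical server-side account record; not Instagram's implementation."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.trusted = set()  # SHA-256 digests of issued device tokens

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, device_token=None, code=None, trust=False, now=None):
        """Return (status, token); token is set only when a device is newly trusted."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return "denied", None
        if device_token and hashlib.sha256(device_token.encode()).hexdigest() in self.trusted:
            return "ok", None  # trusted device: the code step is skipped entirely
        if code is None:
            return "code_required", None
        # Accept the previous and next 30-second step to tolerate clock drift.
        if not any(hmac.compare_digest(totp(self.totp_secret, now + d * 30).encode(),
                                       code.encode()) for d in (-1, 0, 1)):
            return "denied", None
        token = secrets.token_urlsafe(32) if trust else None
        if token:
            self.trusted.add(hashlib.sha256(token.encode()).hexdigest())
        return "ok", token

    def revoke_trusted_devices(self):
        """Forget every trusted device, e.g. after a phone is lost or stolen."""
        self.trusted.clear()
```

Once a device holds a trusted token, the password alone is enough from that device, which is why clearing the trusted list after a loss or theft matters.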

However, hackers are getting even smarter, as reported by ZDNet's Steven Vaughan-Nichols. They hacked his account and bypassed 2FA with no problems. And the method they used was never heard of before.  

The Senior Contributing Editor of ZDNet said that hackers accessed his account using a picture he sent. He says that he got a plausible message from one of his friends. The message contained a reset link for their account. Steven is wise enough not to click that. But the thing is, his friend did not ask him to click it. Instead, his friend asked him to send a screenshot of the message, including the link. He did that since it seemed harmless – the reset link was for his friend's account, not his. But unbeknownst to him, he had just opened Pandora's box.

Hackers used the combination of the URL in the image and his reply to gather enough information to access his account.

Two-Factor Authentication Failed

Steven says that he knew something was wrong. He received an email asking him if he wanted to change the phone number associated with his account to one from Nigeria. But he just brushed it off because he enabled two-factor authentication.

However, he began panicking when the following events did not go as he thought they would. Instead of sending him an email with a link to “revert this change,” he got one that says “how to secure your account.” That link brought him to Instagram's page for hacked accounts. Steven says that wasn't helpful at all.

Then, he got another email saying his account was now associated with a new Gmail account. Again, Instagram did not give him a chance to revert the change.

Steven says he did all he could to regain access to his account. He asked for login links using the mobile app and contacted Instagram's tech support – which is a Facebook page. Also, he wrote to Instagram public relations with an introduction to who he is. Unfortunately, none of these bore fruit.

The journalist's case is not the only instance where 2FA failed to protect the account of an Instagram user. The Bored Ape Yacht Club, a leading NFT collective, was also a victim of a phishing attack. Aside from them, several businesses and users' accounts got hijacked despite having two-factor authentication enabled.

The lesson here is not to feel too comfortable after enabling two-factor authentication. It seems like Instagram has not yet perfected this feature, and hackers can abuse its vulnerabilities. Therefore, your best bet is still to be careful about what you do and what you share. The rule of thumb is not to do anything suspicious that anyone on Instagram tells you to do.

How and Why Do Hackers Break Instagram's 2FA To Get More Instagram Followers?

One of the key reasons hackers choose to violate the rules on Instagram is the allure of fame and influence. Many users on the platform yearn to attain a significant number of Instagram followers, as it is often considered a symbol of popularity and social status. Hackers, in turn, capitalize on this desire by compromising other users' accounts and using them to gain more followers for themselves. This is executed by posting content on the hacked account, following other users, and even purchasing followers.

Another motivation for hackers is financial gain. They may utilize compromised accounts to promote products or services, or to sell access to the account for a profit. Additionally, hackers may use compromised accounts to disseminate malware or phishing links, which can be utilized to steal personal information or money from unsuspecting users.

Another tactic used by hackers is “brute force” attacks, where they use automated scripts to guess login credentials by trying thousands of combinations of usernames and passwords in a short period of time. This is why it's paramount to use a strong and unique password and enable two-factor authentication.

Hackers also use malware to gain access to users' accounts. They can install malware on a device that will record the 2FA code when it is received, or malware that can intercept text messages or phone calls, or control the device remotely.

It is worth mentioning that Instagram has a black market where hackers can buy and sell account credentials. This is a potent tool for them to gain access to more users' accounts.

Date: January 28, 2023 / Categories: Interesting / Author: Rich Drees



