In light of its recent security breach, Instagram has revealed a flaw in its system that made the breach possible. Mark James shares advice on how you can avoid falling victim.
The breach exposed phone numbers and email addresses of celebrities who use the social media platform.
The company has warned the verified users, who tend to be celebrities of some kind, to be extra cautious about unexpected phone calls, texts and emails, and to be wary of suspicious activity on their accounts.
Instagram emailed all verified users to let them know about the breach, and although Instagram claims no passwords were stolen, pop singer Selena Gomez’s high-profile account was compromised.
Mark James, ESET IT Security Specialist, comments on this latest attack and provides a list of do's and don'ts for avoiding such hacks online.
“The term hack is often used way too much these days. It’s used whenever we see data or contents strewn over the internet, regardless of source.
“Quite often it’s beyond your physical control to stop breaches or hacks happening, but you can limit the damage from these intrusions.
“Here are some of the reasons you may be involved in a data breach - notice I don’t use the word hack.”
DON’T: Reuse Passwords
“The big companies (Facebook, Microsoft, Apple etc.) will invest millions to keep you safe, but if you are re-using your passwords from one site to another it makes no difference how much they spend.
“If your username, which is often your email address, and password gets stolen from a site that uses little or minimum protection, such as forums, fan sites etc., and you have used the same combination on another more protected site, hackers or criminals will just try your username and password on various sites to see if it works.
“That’s not hacking, that’s taking advantage of your oversight.”
DON’T: Use Weak Passwords
“Of course you hear this a lot, avoid weak or simple passwords.
“Always choose, where possible, a pass phrase, and don’t forget you can often use spaces in your password.
“Try to think of a combination that you can remember and modify for each site, and one you will remember.
“It does not necessarily have to make much sense to others, but be careful of changing your password too regularly as it could force you to use weak passwords in an attempt to remember them.”
DO: Use Password Managers
“It’s almost impossible to remember every password for every login you have.
“These days password managers can help with that: they are cheap or even free in some cases and will generate, store and even autofill both your username and password for you.
“Many will have a backup mobile application to enable you to use them at different locations and all you need to remember is a single unique password to protect all those logins, or even better use Two-Factor Authentication.”
DO: Use Two-Factor Authentication (2FA)
“More and more websites and services are using 2FA to help you protect your logins.
“It’s essentially a third process to validate you. You enter your username and password, and either a text is sent to your mobile or a code is generated by an app on your device which you enter as a second authentication method.
“That way, even if your password is compromised you will still get a notification that your details are being used; if they cannot enter the correct 6-digit number or you don’t authorise the login attempt, it will never be successful.
“If you get one out of the blue then go to the relative website yourself and change your password immediately.”
DO: Use Internet Security Software
“If your device allows it, then make sure you install a good multi-layered, regularly updating internet security programme; this will find and stop any malware that’s trying to steal your credentials.”
DO: Patch and Update your OS and software
“Make sure you regularly update or patch both your operating system and applications.
“Keeping your software up-to-date is a good way of closing any vulnerabilities that hackers may use to gain control of your systems through malware.”
DO: Protect your Info
“I know this sounds like a no-brainer, but be wary of anyone requesting information even if they seem to have some verifiable data already.
“NO company should ever contact you out of the blue and request your password.
“In theory, these days no company should ever ask you for your FULL password; selected characters are acceptable for validation.
“If you are contacted, be polite and explain you want to validate them before proceeding; hang up or close the email, use a different method and contact the company to verify it’s legit.
“If it is, they will understand your concern; if not, you could be saving not only your money but possibly a lot of stress.”
How many of the above tips do you use already? Let us know on Twitter @ESETUK.