New Instagram Security Fail Impacts Millions: Are You Safe?
April 19, 2019
Instagram recently discovered millions of user passwords were being stored in plain text
At KnowEm we take security very seriously. When you use our social media registration services, we apply certain criteria to the passwords used for registration. These criteria exist so that we can ensure the accounts created will be secure and accessible only to you or the team members you choose to grant access.
Over the last 10 years, we’ve refined our guidelines and continue to evaluate them to make sure that your information is safe. Sometimes your security is left in the hands of companies that inadvertently expose some of the data that they have been trusted with securing.
In a March blog post, Facebook disclosed that tens of thousands of passwords to Facebook accounts had been stored in plain text. This was discovered earlier in January. As a result, on April 18th, 2019, Facebook quietly updated the previously published blog post. The update revealed that, in addition to the data already known to be visible, millions more Instagram user accounts than expected were implicated.
Facebook Update to the Report:
(Update on April 18, 2019 at 7AM PT: Since this post was published, we discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed).
Facebook has said it will notify all users whose passwords were visible and instruct them to change their passwords. We do not recommend waiting for a message from Facebook to update your passwords. If you have an account on Instagram, it is recommended that you change its password immediately. This will minimize the chance of someone maliciously accessing your account.
Whenever an incident like this occurs, it is strongly encouraged that you consider changing your passwords. Try not to recycle passwords: it is highly possible they have been discovered in previous data breaches, which seem to happen often. For the same reason, an additional recommended step is to enable 2-factor authentication or 2-step verification whenever possible.
What You Can Do Next: Security Resources
We’ve compiled multiple resources to assist you with securing your accounts. The most recognizable social media and service platforms are often the first attacked:
We’ll continue to monitor this situation and update you as more information becomes available.
KnowEm is happy to announce the addition of Sarah Evans, communications consultant and owner of Sevans Strategy, to our advisory board. She is lending her expertise on public relations, journalism and social media, and sharing five tips on how to keep your identity safe on social media.
Sarah (@PRSarahEvans), a longtime friend and supporter of KnowEm, is everything from a PR entrepreneur to one of America’s “Tweethearts,” but it’s her personal mission to engage and employ the use of emerging technologies in all communication that connects her with a rapidly growing base of more than 60,000 people.
Sarah created and moderates #Journchat, the first-ever weekly live tweetchat for public relations professionals, journalists and bloggers. She runs her own blog at PRsarahevans.com and shares a daily resource for public relations professionals called Commentz.
In recognition of Evans’ role on the advisory board, here are five tips from Evans and KnowEm to keep your identity safe on social media:
1. Avoid malicious links – Be careful when clicking on links, particularly if receiving a direct message (DM) with a link – even if it’s from a trusted source.
“Of the shortened URLs leading to malicious websites that Symantec observed on social networking sites over the three-month period in 2010, 73 percent were clicked 11 times or more, with 33 percent receiving between 11 and 50 clicks. Only 12 percent of the links were never clicked,” according to the Symantec study.
2. Monitor third-party app access – Check Facebook, Twitter and other social media accounts for third-party apps that you may or may not have granted access to your accounts. If you don’t trust or recognize the connection, revoke the app’s access.
3. Strengthen your passwords – To help prevent cyber attacks and phishing scams, make sure your password is at least six characters long and contains a series of numbers, letters and punctuation marks if possible. Facebook advises not using words found in the dictionary and selecting a password that’s different from any other password you use on the Internet.
4. If your Twitter account is hacked – If you notice unexpected tweets or DMs sent from your account, or receive an email saying that you recently changed the email address associated with the account when you took no such action, you have most likely been hacked. If this happens, log out of the account, then clear your browser cache and your browsing history. Once done, open a new browser window, log in, change your password and revoke access to any unrecognized third-party apps.
5. If your Facebook account is hacked – If status updates or comments appear on your account that you didn’t write, you might have been hacked. Reset your password (if able to access your Facebook login, hit the “forgot your password” link to switch). Afterward, clear your browser cache, delete your Internet history and review the third-party apps that have access to your Facebook account.
Please help us in welcoming Sarah to the KnowEm family!