On 17th June, Instagram stated that it’s testing new features that might make it easier for people to retrieve access to accounts that hackers have outstripped. The news comes after reports from users complained of losing access to their valuable accounts, and also on a separate Motherboard story about how some of these victims asked white-hat hackers for assistance.
Attackers often ploy Instagram users into clicking a phishing link that needs them to enter their login credentials, which gives the hackers access to the account. Once they’re in charge, the hacker usually changes the account’s associated email address and phone number. This makes the account retrieving access a nightmare.
As Instagram rolled out a test that would ask users to enter the email address or phone number associated with their account, or the ones they used when they originally signed up for the platform. Instagram would then send a six-digit code that would allow them to regain access, even if a hacker has complete charge over their email and phone number. An Instagram spokesperson informed that, when one re-gain access to their account, the social media platform would take extra measures to confirm that a hacker cannot use codes that is sent to the email address or phone number for accessing the account from a different device.
The same process would safeguard people whose usernames were changed. Hackers often want to gain access to an account to hold a prized username or influencer’s account for ransom. The company has earlier depended on a system that consists of hacking victims take a selfie in which they held up a piece of paper with a code that Instagram sent them. The idea is that human moderators can match their face up with the photo and verify they are who they say they are, but the system doesn’t always work.