Who knew if one had a good Instagram handle, they could be the subject of a SIM Hijacking! A very alarming Motherboard investigation found just that. Some Instagram users who were smart enough to pick a great name for their handle on the platform have been targeted by hackers looking to steal their Insta accounts for the purpose of selling them in exchange for cryptocurrency. Taking cognisance of these malicious activities in which Instagram users have been mentally harassed and even blackmailed, the photo and video sharing platform is looking to upgrade its two-factor authentication protocol.
Instagram has confirmed to TechCrunch that it is developing a non-SMS-based two-factor authentication system which will rely on services like Google Authenticator, Duo or Authy. The investigative piece that brought the SIM Hijacking issue to the fore, highlighted that hackers steal mobile numbers by assigning them to a different SIM Card. They then use two-factor authentication to gain access to people’s Instagram accounts and sell them for bitcoins. So when Instagram adds the option for authentication apps, these SIM hijackers will no longer be able to access the special code generated by the apps in order to access someone else’s Instagram account.
Further, a tipster also found traces of the new 2-factor authentication system in the Instagram Android app’s APK. “We’re continuing to improve the security of Instagram accounts, including strengthening 2-factor authentication,” Instagram told TechCrunch. Hopefully, the new method should allow for more security on the platform and bar SIM hijackers from stealing accounts. At Least, until they figure out how to bypass even authentication apps.
Image Courtesy: TechCrunch
Another update Instagram is reportedly testing is the ability to remove followers from public Instagram accounts. For long, private accounts on Instagram have had the option to remove followers, but the same luxury was not granted to holders of public Instagram accounts that are viewable to all. Even if users are blocked by a public Instagram account, that account remains accessible to the blocked party by means of a private browser window. Instagram is now correcting this oversight and planning to rollout a new “Remove Followers” feature for public accounts. The company confirmed the ongoing testing of the new feature to The Verge and also said that the person/follower who is removed will not be notified of the action to avoid any awkwardness.