A hacking tool named InstaSheep has been released, and it threatens the security of the Instagram account that you've been building for your business. The security flaw that this program exploits is not new; it has been known to Facebook, the company which purchased Instagram back in 2012, since they bought the photo sharing platform.
Facebook is a billion dollar company. One with access to the kind of resources we only dream about. Are they quickly getting on the issue and fixing it right away? Mazin Ahmed, who found the Instagram security flaw, received this reply after notifying Facebook of it:
"Facebook accepts the risk of parts of Instagram communicating over HTTP not over HTTPS."
What this means for all those out there using Instagram to build a social media following for their business is this:
- Facebook is well aware of the problem with their product
- They're risking your account by lazily securing their service
- Their concern over your safety is secondary to continuing to exploit your ignorance of the issue, allowing them to fix it slowly and cheaply
InstaSheep was built by a hacker trying to get Facebook to do the right thing and secure Instagram. With the tool out there, it should get them fixing Instagram immediately...but we'll see.
How does the Instagram security flaw make you vulnerable to attacks?
Your business' Instagram account is vulnerable mostly through a hack known as the man-in-the-middle attack. Hackers commonly carry these out in public spaces over public wi-fi. If your business has a public wi-fi network that it uses, this could be your weak point.
When a hacker carries out a man-in-the-middle attack, they are able to take over your Instagram account. When it is done to a personal account, it is usually with the aim of sending out thousands of spam messages. For a business that has its Instagram account hacked, it could be someone looking to discredit your business by posting offensive things on your behalf.
The security flaw itself comes from Facebook's refusal to move all of Instagram off the vulnerable HTTP and onto the secure and encrypted HTTPS. Now, moving something like Instagram from HTTP to HTTPS isn't as simple as changing a letter, hitting 'Update,' and walking away. I'll admit that, but ignoring users in such a way is negligent, and steps needed to be taken much more quickly to correct the flaw.
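One way to check whether an app on your own device still sends requests over plain HTTP, as described above: this added example (not from the original article and not InstaSheep's code) scans captured payloads for readable HTTP requests to a watched domain and reports which credential headers they expose, by name only. The function names, sample hostnames, paths and cookie value are constructed for illustration.

```python
# Added example: audit a capture of your OWN device's traffic for cleartext
# HTTP requests that carry session credentials. All sample data is constructed.
SENSITIVE = ("authorization", "cookie")

def audit_payload(payload: bytes, watched: str = "instagram.com"):
    """Return a finding dict if payload is a cleartext HTTP request to the
    watched domain, else None. Credential values are never returned."""
    if payload[:1] == b"\x16":   # TLS handshake record: encrypted, nothing to flag
        return None
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None              # not a readable HTTP/1.x request
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:                  # header names are case-insensitive
            headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "").split(":")[0].lower()
    if not (host == watched or host.endswith("." + watched)):
        return None              # "notinstagram.com" must not match
    exposed = [h for h in SENSITIVE if h in headers]
    return {"host": host, "method": parts[0], "path": parts[1],
            "exposed_headers": exposed,
            "severity": "high" if exposed else "low"}

def audit_capture(payloads):
    """Audit every payload and keep only the findings."""
    return [f for f in map(audit_payload, payloads) if f]

# Constructed sample payloads: hostnames, paths and cookie value are made up.
SAMPLE = [
    b"GET /constructed/feed HTTP/1.1\r\nHost: instagram.com\r\n"
    b"Cookie: sessionid=CONSTRUCTED\r\n\r\n",
    b"GET /constructed/image.jpg HTTP/1.1\r\nHost: cdn.instagram.com\r\n\r\n",
    b"\x16\x03\x01\x00\x05hello",   # TLS record, skipped as encrypted
    b"GET / HTTP/1.1\r\nHost: notinstagram.com\r\nCookie: a=b\r\n\r\n",
]

if __name__ == "__main__":
    for finding in audit_capture(SAMPLE):
        print(finding)
```

A "high" finding means a session credential crossed the network unencrypted; a "low" finding means the request was readable but carried no credential header.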
Can your Instagram business account be protected from the flaw?
There are three basic things that you can do to protect your Instagram account from hackers, and I recommend that you do at least one of them:
- Stop using all Instagram mobile apps, where the problem is at its worst. Use only the desktop version of Instagram. Write to Instagram and voice your displeasure with the issue. To truly make a statement, stop using Instagram altogether. With a decreasing revenue stream they will be more likely to make an effort to protect you.
- Stop using the Instagram mobile apps while connected to a public wi-fi service. This is where man-in-the-middle attacks happen. If you're not using them you're less vulnerable, but no one can say for sure that your business account will be perfectly protected.
- If you must continue to use the Instagram mobile apps, which is honestly when the entire Instagram experience is best, download and use a trusted VPN service provider on your mobile device. This will protect and encrypt your connection to the Internet by enabling a level of encryption that is impossible for any hacker to crack live. The problem here is encryption; with a VPN encrypting your data on the public wi-fi, you'll be free to post to your account again.
You have options available to you, so don't let yourself become a victim of this security flaw. Don't let your business risk all of its hard-won social media fans thanks to a flaw that you can correct on your own.
Don't be a victim of the InstaSheep: Protect your business from the Instagram security flaw
While Facebook clearly has the money and skills to protect you from this security flaw, they continue to drag their feet. This kind of negligence is the exact type of issue that the security community rallies around as we all try to help those who may not have any idea that they are vulnerable. Hopefully, having read this, you take action.
A final note: because many businesses link their Instagram and Facebook accounts, and Facebook is the parent of Instagram, any association you have between the two can potentially be exploited. Shared usernames, shared passwords and connections via apps are all potential exploit points through this security flaw. If the prospect of your Facebook and Instagram accounts being hacked doesn't get you taking your online security seriously, it's time to give your head a shake and figure out if you actually want to market your business online.
Feature image from Open Clips.