An MTA-exclusive analysis of the recent Instagram hack
Leonardo DiCaprio, Emma Watson, Rihanna, Taylor Swift, Neymar, Zinedine Zidane, and many more. Hang on. This isn’t some lineup announcement of a celebrity gig or red-carpet entries!
After Twitter’s days of disarray in July last year, when Jack Dorsey’s Twitter and Vine accounts were hacked along with those of other users, the hack hurricane (a bug, actually) has this time hit the popular photo-sharing social network, Instagram. Initially, the incident was said to have affected only verified accounts, but reports later surfaced that the bug had hit the accounts of non-verified users as well.
What went wrong!?!
The bug exposed contact information and email addresses by allowing hackers to scrape the affected Instagram accounts. The hackers set up a database named Doxagram that offered the contact information of the affected accounts for sale at $10 per account. The database offered information on thousands of accounts and included the top-50 accounts in terms of followers. The only positive (if any) to this hack is that only this information was scraped, not user passwords.
Instagram has more than 700 million active users, and the hackers claim to hold information on 6 million of them (including Doxagram). The hack first came into the spotlight with the account of Selena Gomez and has affected the accounts of celebrities like Zac Efron, Emilia Clarke, Channing Tatum (his Twitter account was also hacked last year), Floyd Mayweather, Ronaldinho, David Beckham, Snoop Dogg, Beyonce, Ellie Goulding, Lady Gaga, Katy Perry, Harry Styles, Adele, Victoria Beckham, and Britney Spears. These names were tracked as purported contact information by RepKnight, a cybersecurity firm.
Subsequently, the threat from the database (with information on sale) subsided to a certain extent when Instagram, its owner Facebook, and some celebrities bought up Doxagram domains until they were exhausted.
The repercussions and a retrospective
This means that the celebrities mentioned above and other high-profile users will need to change their email IDs and/or phone numbers. The threat is that, by leveraging social engineering, hackers can gain access to their accounts. That was the case with Selena (the most-followed user on Instagram), whose profile was briefly hijacked and used to post some distasteful photographs.
This entire episode sets off two alarms. Firstly, an average, non-verified Instagram account is prone to hacking. Secondly, Instagram was not aware of which accounts were affected. This was quite clear from a company blog post in which Mike Krieger, CTO and Co-founder of Instagram, stated, “We quickly fixed the bug, and have been working with law enforcement on the matter. Although we cannot determine which specific accounts may have been impacted, we believe it was a low percentage of Instagram accounts.”
In the post, Krieger added, “We encourage you to be vigilant about the security of your account, and exercise caution if you observe any suspicious activity such as unrecognized incoming calls, texts, or emails. Additionally, we’re encouraging you to report any unusual activity through our reporting tools. You can access those tools by tapping the ‘…’ menu from your profile, selecting ‘Report a Problem’ and then ‘Spam or Abuse’.”
A blast from the recent past
The threat to accounts and data looms large and goes beyond just social sites. In February this year, the web security and content delivery network Cloudflare fell prey to a malicious bug that engulfed many major websites the company serves, exposing their sensitive data and private sessions. The exposed data included tokens, cookies, and passwords that are key to user authentication. The bug was named Cloudbleed (after the infamous Heartbleed from 2014). The bug was so devious that not just the websites but also the mobile apps on Cloudflare’s network were endangered.
A graphical representation of how Heartbleed worked (most bugs still work in a similar manner):
What’s bugging marketers
For marketers, these bugs can at times cause irreparable damage by driving customers away. After all, security lapses are the worst form of CX. The threat of bugs is clearly not restricted to just software. An API infrastructure, or, let’s say, any functional system can come onto a bug’s radar. Why? Because, for any system or infrastructure, 100% efficiency is an ideal, dream-state world. Simply put, bugs divert a system from its main course or purpose.
A bug attack is not confined to ‘code’ or ‘coding’. Another hard pill to swallow is that a bug can be identified only after it has affected a system. There’s no prognosis. That leaves marketers and organizations with only one choice – once a bug is identified, take corrective action so that it doesn’t show up again.
The best way to ensure that a bug doesn’t recur is simple yet complex. Simple – just like life’s bugs, the way to avoid a recurrence is to find the fundamental cause of the bug. Complex – a system’s bugs involve syntax, code, algorithms, and more such tech-heavy terminology and explanations. But the idea is to have robust teams of developers and programmers. Where there is a system, there will be a bug. Often, when there’s a bug attack (or even an outage – recall Marketo?), it’s the CTOs who face the gun. But this is where marketers should work closely with CTOs and API teams. A ‘this-is-a-CTO job’ approach can, in the long run, lead to hampered revenues and ROIs.
Prepare for the best, ready for the worst
The social networks will grow, the number of active users will grow, and so will the customers of businesses with adept strategies. Just like the buck doesn’t really stop, bugs don’t either. There are bound to be bad days just like Twitter, Cloudflare, and Instagram have had. The best foot forward is to ensure that the decision makers of all prominent functions of businesses work in tandem. At the same time, be ready to fall at some stage. When that happens, it’s all about standing up again as soon as possible.