This article originally appeared in Information Security Buzz on August 17, 2018.
Instagram has been hacked and users say their emails have been changed to .ru domains. Hackers were able to get in and change user’s information such as usernames, profiles photos, passwords, and linked Facebook accounts among other things. Instagram has given instructions to users on how to restore their affected accounts and revoke access to third-party apps.
Niles Rowland, Director of Product Development at The Media Trust:
“Instagram’s guidance on hacked accounts demonstrates the company’s efforts to protect user data from unauthorized collection and use. The fact that the guidance includes instructions on how to remove access to third-party apps might indicate that Instagram is concerned poorly defended third-party app providers are being targeted by Russian hackers to access user accounts. By blocking access to these third-party apps, Instagram is able to close security loopholes, as well as prevent consumer data from leaking to unauthorized parties. The latter is particularly important as a growing number of consumer protection laws like the EU’s GDPR, Canada’s PIPEDA, and the California Consumer Protection Act crop up around the world, especially in highly developed, wealthy markets. Blocking third parties protects not only Instagram users and Instagram itself, but also third-party app providers, who, under a law like the GDPR, would be liable if miscreants get hold of users’ data through them.