With more than 1 billion active users, Instagram is the second most used social networking website after Facebook. So it is no wonder that “hack instagram” is a widely searched keyword across the internet. There are tons of websites and Android / iPhone apps that claim to hack someone’s Instagram account, but almost none of these password hackers do the job for you.
Do you know why?
Because Instagram (owned by Facebook) takes security seriously. They don’t want their users to suffer from such hacks. Still, we see some people get their Instagram accounts hacked, and that is mostly because of social engineering attacks like phishing, definitely not because of the Instagram password hackers available online. So don’t become a victim of those downloadable apps and websites.
Before you ask who I am to talk about Instagram hacking, let me tell you that I hacked into Instagram and got a reward of $30,000 for my finding. You can read about it here.
What we are going to see is a list of all the possible techniques to hack someone’s Instagram account and their respective prevention techniques.
Please remember that this article is written with the aim of educating people about how Instagram hacking works and how they should prevent such hacks. Therefore don’t use these techniques for malicious purposes.
- Remote key loggers / Spyware
- Phishing
- Plain password grabbing
- Weak Passwords
- Mobile Operating System Vulnerabilities
- Instagram zero day vulnerabilities
1. Remote key loggers / Spyware
A remote keylogger is a piece of software (also called spyware) that records whatever you type on your mobile or computer and sends it to the person who installed it. So the passwords, credit card details and other sensitive information you enter on your mobile or computer can easily be spied on.
Most operating systems (including Android & iOS) require root access before any app can record sensitive information. That’s why rooting / jail-breaking your phone isn’t a great idea where security is concerned.
Mobile spyware is very useful software for parents who want to monitor their kids’ mobile activity. There are hundreds of free and paid spyware mobile apps and remote keyloggers available on the internet. You can google it for more details.
All key loggers require physical access to install unless the device is rooted.
How to protect yourself from mobile key loggers?
- Never root your mobile device. Rooting makes your device vulnerable.
- Install an anti-spyware app to detect malicious applications that have the power to access your inputs.
- Don’t use third party keypad apps unless you really trust the publisher.
2. Phishing
Phishing is a very successful technique used by hackers to hack an account’s password. It involves creating a duplicate copy of a website’s login page to steal a user’s password. When a common user lands on such a page, he/she might enter their username & password thinking that it is the legitimate login page, and so they get their account hacked.
Look at the image placed above; you might not have noticed the discrepancy in the URL (https://www.instagramm.com). The spelling of the domain name, the .com and the forward slash are crucial pieces of information to note whenever you find a login page. A legitimate URL should be https://www.instagram.com/, with no change at all. If you notice any change, it must be a phishing page.
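The URL check described above can be automated. The following is an added example, not code from the original article; the function names, the edit-distance threshold of 2 and the `.example` sample hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LEGIT_DOMAIN = "instagram.com"  # the legitimate domain named in the article
BRAND = "instagram"

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_login_url(url):
    """Return 'legitimate', 'insecure', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    # hostname excludes any port or user@ prefix, so only the real host is judged
    host = (parts.hostname or "").lower().rstrip(".")
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate" if parts.scheme == "https" else "insecure"
    # Any label that equals or nearly equals the brand, on a host that is
    # not the real domain, is treated as an imitation (threshold is an assumption).
    if any(edit_distance(label, BRAND) <= 2 for label in host.split(".")):
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed samples; the second URL is the one quoted in the article.
    for sample in ("https://www.instagram.com/",
                   "https://www.instagramm.com",
                   "http://www.instagram.com/",
                   "https://www.instagram.com.login.example/"):
        print(f"{classify_login_url(sample):<11} {sample}")
```

A lookalike verdict here is a heuristic signal; only the exact-domain match over https counts as legitimate.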
Instagram is a mobile app; we hardly use its web-based login, and hence phishing is not an easy way to hack an Instagram password.
Since everybody is aware that a Facebook account is enough to get started with Instagram, hacking someone’s Facebook account password leads to Instagram hacking. Therefore, having your Facebook account password phished gets your Instagram account hacked.
Creating a phishing page isn’t rocket science. Thousands of websites provide direct downloads of phishing pages. Basic programming knowledge like PHP / HTML is quite enough for anyone to get a phishing page done. So be cautious of phishing pages.
3. Plain password grabbing
This is one of the most common methods exploited by hackers to hack Instagram accounts. We have this bad habit of using the same password for all the websites we use. I call this a bad habit because not all websites are equally well built and secured. Facebook.com might have more security mechanisms in place than a poor xyz.com. Therefore a hacker who gains access to poor xyz.com’s database can hack your Instagram account easily.
A password should always be hashed before being stored in a database. But small and medium sized website owners store passwords in plain text, and hence it is easy for a hacker to steal your all-in-one password from the vulnerable website.
How to protect yourself from hacking passwords?
- Never use a common password for day-to-day websites such as Google, Facebook, Instagram etc.
- Have two kinds of passwords:
  - A strong password for important websites.
  - A common easy password for other unimportant websites. This avoids the need to remember multiple passwords.
4. Weak Passwords
Guessing the password through social engineering allows one to hack an Instagram account. It isn’t a simple task if you have a strong password.
How can we say the password is weak?
Any password that is easily guessable by a third person or someone you know is a weak password. Some common weak passwords are given below.
- Mobile Number
- Nickname / Name and Date of Birth Conjunction
- Boy Friend’s Mobile Number / Girl Friend’s Mobile Number – Most of the lovers 😛
- Girl Friend’s / Boy Friend’s Name – Most of the lovers 😛
- Boy or Girl Friend Name Combination
- Bike Number
- Unused / Old Mobile Number
- Pet Name
- Closest Person Name (can be friends too)
So if you have any one of the passwords listed above, you should change it immediately. Weak passwords are not limited to this list. We should avoid any password that is guessable.
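The list above can be turned into a self-audit check that flags a password built mostly from your own personal details. This is an added example, not part of the original article; the profile fields, the sample profile and the `min_unrelated` threshold are assumptions.

```python
import re

NAME_FIELDS = ("name", "nickname", "partner_name", "pet_name", "friend_name")
NUMBER_FIELDS = ("mobile", "old_mobile", "partner_mobile", "bike_number")

def personal_tokens(profile):
    """Expand a profile into the lowercase strings the article's list describes."""
    tokens = set()
    for field in NAME_FIELDS:
        tokens.update(re.findall(r"[a-z]+", profile.get(field, "").lower()))
    for field in NUMBER_FIELDS:
        tokens.add(re.sub(r"[^a-z0-9]", "", profile.get(field, "").lower()))
    if profile.get("dob"):  # expected as YYYY-MM-DD
        y, m, d = profile["dob"].split("-")
        tokens.update({y, y[2:], d + m, m + d, d + m + y, d + m + y[2:]})
    return {t for t in tokens if len(t) >= 2}

def guessable_parts(password, profile):
    """Return (personal tokens found in the password, characters left over)."""
    rest = re.sub(r"[^a-z0-9]", "", password.lower())
    found = []
    # Longest tokens first so "asha" is matched before the shorter "ash".
    for token in sorted(personal_tokens(profile), key=len, reverse=True):
        if token in rest:
            found.append(token)
            rest = rest.replace(token, "")
    return found, rest

def is_guessable(password, profile, min_unrelated=6):
    """Weak if personal data is present and fewer than min_unrelated
    unrelated letters/digits remain (threshold is an assumption)."""
    found, rest = guessable_parts(password, profile)
    return bool(found) and len(rest) < min_unrelated

# Constructed profile for illustration only.
PROFILE = {"name": "Asha Rao", "nickname": "Ash", "dob": "1994-03-17",
           "mobile": "98765 43210", "pet_name": "Bruno"}

if __name__ == "__main__":
    for pw in ("asha1703", "Bruno@94", "9876543210", "x7#Lq!raoT9vM2"):
        print(f"{pw:<16} guessable={is_guessable(pw, PROFILE)}")
```

The check only covers guessability from personal details; a password that passes it still needs to be long and unique.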
As I have said earlier, always have two passwords: a strong password for important websites / apps and a common weak password for insignificant websites / apps.
5. Mobile Operating System Vulnerabilities
Android and iOS rule the world of mobile operating systems, and therefore vulnerabilities affecting Android and iOS can ultimately hack your mobile itself; Instagram is just a part of it. These vulnerabilities are often referred to as zero day exploits. You really can’t do anything to prevent these vulnerabilities since we don’t have control over them.
A few things you can do to protect yourself:
- Always upgrade your operating system once an update is available. System upgrades include important security patches, so it is mandatory to do.
- Don’t ignore minor security updates from the mobile vendors.
- Never install apps from unknown sources.
- Install apps only from trusted publishers of the app store.
6. Instagram zero day vulnerabilities
Last but not least are Instagram vulnerabilities. Zero days are vulnerabilities that are unknown to the software vendor, i.e. Instagram. Black hat hackers find vulnerabilities affecting Instagram in order to hack accounts.
As common users, we can’t do anything if the vendor itself is vulnerable. All we can do is enable some basic security measures like two-factor authentication. Instagram is very much secure since they run a bug bounty program where all whitehat hackers find and report security vulnerabilities.