If you’re worried about escalating international tensions as North Korea blasts missiles over northern Japan, let me tell you something else that will make you worry about the future of mankind:
Selena Gomez has 125 million followers on Instagram.
I discovered that fact this weekend, as I heard that hackers had seized control of the American singer and actress’s Instagram account and posted revealing snaps of her ex-boyfriend Justin Bieber.
When I say “revealing” I mean the full caboodle. Bieber’s Big Lebowski was on show for all to see.
To save both Bieber’s modesty and your own innocence, I have subtly censored the image of the hacked account below.
I have no idea if Bieber is happy with his ankle spanker being on show to the world or not, but reports indicate that the paparazzi images of Bieber’s little fella have surfaced publicly before in the tabloid press.
What I *do* have a clue about, however, is that clearly Selena Gomez or her management have been sloppy with the star’s online security.
Enabling two-step verification (2SV) adds an additional level of security to your online accounts which goes beyond your normal password. If you turn on 2SV on your Instagram account (and countless other accounts), you will be prompted to enter a security code generated by an app on your smartphone when you try to log into your account.
That means that even if a hacker has managed to steal or work out your password, it won’t be enough to access your account as they don’t (hopefully) also have access to your smartphone.
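As an added illustration (not code from Instagram or from this article), here is a minimal sketch of how a code from an authenticator app gets checked at login, assuming the app uses the standard TOTP scheme (RFC 6238). The account record, the password and the `login` function are made up for the example, and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample account. The secret is the RFC 6238 test key, not a real one.
# Simplified: a real service would store a slow, salted password hash.
ACCOUNT = {
    "password_sha256": hashlib.sha256(b"correct horse").hexdigest(),
    "totp_secret": b"12345678901234567890",
}

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 30-second window containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_code(secret: bytes, code: str, at: float, window: int = 1) -> bool:
    """Accept the current window plus `window` steps either side (clock drift)."""
    matched = False
    for drift in range(-window, window + 1):
        candidate = totp(secret, at + drift * 30)
        # Constant-time comparison; no early exit on a match.
        matched |= hmac.compare_digest(candidate.encode(), code.encode())
    return matched

def login(password: str, code: str, at=None) -> bool:
    """Both factors must pass: the password alone is not enough."""
    at = time.time() if at is None else at
    digest = hashlib.sha256(password.encode()).hexdigest()
    password_ok = hmac.compare_digest(digest, ACCOUNT["password_sha256"])
    code_ok = verify_code(ACCOUNT["totp_secret"], code, at)
    return password_ok and code_ok

if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    phone_code = totp(ACCOUNT["totp_secret"], now)
    print("stolen password, no phone:", login("correct horse", "000000", now))
    print("password plus phone code: ", login("correct horse", phone_code, now))
    print("same code two minutes on: ", login("correct horse", phone_code, 150))
```

The code shown on the phone changes every 30 seconds and is derived from a secret the attacker never sees, which is why a stolen password on its own fails the login.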
You would like to think that Selena Gomez would know a thing or two about protecting her social media accounts. Five years ago a British hacker was jailed after hacking into Gomez’s Facebook account and accessing her private messages.
With 125 million followers on Instagram, Selena Gomez could do a lot of good sharing advice with fans about how they could better defend their online accounts.
That, unfortunately, hasn’t happened (at least not yet). For now, Gomez has deactivated her Instagram account.
For further discussion on this story, make sure to listen to this episode of the “Smashing Security” podcast:
Smashing Security #040: 'The show that cost Troy Hunt 14 dollars'
Read more about two-step verification:
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
125 million or 250 million, Graham? But I love your site in any case.
Whoops! Thanks Brian, now fixed. :)
"Ankle spanker?", I love it. I wish I had one of those. Mine's far too short to fit the description. I did see some clips from the Philippines where some dude had about two and a half feet.
Graham, perhaps it wasn't necessarily 2FA not being set up. Is there a possibility some hacker could have social engineered her mobile phone provider to steal her SIM and then confirmed 2FA that way?
It's a *possibility* but I would suggest considerably less likely.
I do prefer it when online services give users the option of two-step verification via an authenticator app (Google Authenticator is perhaps the best known, but there are alternatives) rather than sending a code via SMS.
I know there are a lot of folks who hate the idea of 2FA via SMS because of the potential of a bad guy cloning your phone and receiving the code, but I do believe for most of us that's a lot less of a risk than not having 2FA enabled at all.