Search This Blog

Showing posts with label Instagram. Show all posts

Scammers Employ Instagram Stories to Target Users

 

Instagram is the fourth most popular social media platform in the world, with over one billion monthly active users. Almost everyone, from celebrities to your kids, has an Instagram account. This global success makes it a very lucrative target for threat actors. 

According to BBC, the scamming has worsened over the past year, with the Instagram fraud reports increasing by 50% since the coronavirus outbreak began in 2020. Scammers just need a handful of those people who will help someone without thinking. And since they’re not after money, just a bit of someone’s time, they already have one foot in the door. 

The latest scam involves Instagram backstories. Fraudsters will ask you for help, tell their backstory, and put their fate in your hands. Here are some of the Instagram stories that fraudsters employ to target users: 

  •  "I’m launching my own product line." 
  •  "I’m in a competition and need you to vote for me." 
  • "I’m trying to get verified on Instagram and need people to confirm my fanbase with a link."
  • "I need a help link to get into Instagram on my other phone." This is the most common tactic employed by scammers. 
  • "I’m contesting for an ambassadorship spot at an online influencers program." This one is surprisingly popular, with fake influencers everywhere. 

Scammers try to get access to your Instagram account by sending you a suspicious link, either as an Instagram direct message or via email. They will then ask you not to click the link but merely take a screenshot and send the image back to them. The link is a legitimate Instagram “forgotten password” URL for your account, and fraudsters want you to screenshot it so they can use the URL to reset your password, take over your account, and lock you out. 

Regardless, any requests for link screenshots should be treated with extreme suspicion. Whether product lines or ambassador programs, you can safely ignore these messages. If you think you’ve been scammed, report it to Instagram. Change your password and enable two-factor authentication. If you reuse passwords, a scammer could break into more of your accounts. Change those passwords.

Facebook, Instagram and Twitter Users from Russia have Noticed Malfunctions in their Work

 

According to Downdetector, a service for tracking problems in the work of Internet platforms, users from Russia began to complain en masse about the failures of Facebook, Instagram and Twitter. Problems in social networks began on February 25. Over 80% of users sent complaints about the functioning of the application, another 10% noticed that they could not log in to their profile, and 7% reported problems with the operation of social network sites. 

Recall that on February 25, Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology, and Mass Media) partially restricted access to Facebook. On the same day, the Prosecutor General's Office recognized the social network involved in the violation of human rights and freedoms and citizens of Russia. 

On February 26, representatives of Russian media were banned from showing ads and monetization in the social network Facebook. The company took such a step because of the situation around Ukraine. At the same time, Twitter suspended advertising for Russians and Ukrainians, as well as temporarily stopped recommending tweets to avoid the spread of insulting materials. 

In addition, Roskomnadzor restored measures in the form of slowing the speed of Twitter Internet service on devices in Russia in connection with the dissemination of untrustworthy public information about the military operation in Ukraine. 

The agency recalled that since March 10, 2021, Roskomnadzor slowed down Twitter on mobile phones and fixed devices on the territory of the Russian Federation for refusal to delete information that is prohibited in the Russian Federation. On May 17, 2021, after the deletion of more than 91% of the prohibited information by Twitter's moderation services, the restrictions were lifted. 

Roskomnadzor noted that in this situation, the condition for lifting access restrictions "is the complete removal of Twitter of prohibited materials identified by Roskomnadzor, as well as the termination of participation in the information confrontation, distribution of fakes and calls for extremism". 

In the Russian segment of the Internet, you can now often find messages: "If anything, here is my Telegram account...». Since February 25, when Roskomnadzor announced the partial blocking of the Facebook network, almost every Russian user has considered it his duty to notify friends where to look for him now. 

Bloggers and media resources are increasingly posting on their pages posts with recommendations for installing a VPN and other measures to bypass blocking.

Meta Takes Legal Action Against Cyber Criminals

 

Facebook's parent company, Meta Platforms, announced on Monday that it has filed a federal lawsuit in the U.S. state of California against malicious attackers who ran more than 39,000 phishing websites impersonating its digital properties to trick consumers into disclosing their username and password. 

“Today, we filed a federal lawsuit in California court to disrupt phishing attacks designed to deceive people into sharing their login credentials on fake login pages for Facebook, Messenger, Instagram, and WhatsApp. Phishing is a significant threat to millions of Internet users”, states the report. 

The social engineering strategy entailed the construction of rogue websites that tried to portray as Facebook, Messenger, Instagram, and WhatsApp login pages, prompting victims to input their login details, which were subsequently captured by the defendants. The unidentified actors are also being sought for $500,000 by the tech behemoth. 

The assaults were conducted with the help of Ngrok, a relay service that diverted internet traffic to malicious websites while concealing the exact location of the fraudulent equipment. Meta stated that the frequency of these phishing assaults has increased since March 2021 and that it has collaborated with the relay service to restrict thousands of URLs to phishing sites. 

The lawsuit comes just days after Facebook revealed it was making efforts to disrupt the activities of seven surveillance-for-hire firms that generated over 1,500 phony identities on Facebook and Instagram to target 50,000 users in over 100 countries. Meta announced last month that it has barred four harmful cyber groups from attacking journalists, humanitarian organizations, and anti-regime military forces in Afghanistan and Syria. 

“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology. We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur. We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others. And Meta blocks and shares phishing URLs so other platforms can also block them”, mentioned the report.

Meta Alerts its 50,000 Users Against Surveillance-For-Hire Firm Operations

 

Surveillance-for-hire companies have utilized Facebook, Instagram, & WhatsApp as a major opportunity to target Individuals in over 100 countries for decades. Recently, Meta eliminated 7 of them from its platforms and notified over 50,000 people that the activities might as well have affected them. Many are journalists, human rights activists, dissidents, political opposition leaders, and clergy, according to Meta, while others are ordinary people, such as those involved in a lawsuit. 

As part of the attack, Meta removed numerous accounts and disassembled other infrastructure on its platforms, blacklisted the groups, and sent cease and desist notices. According to the corporation, it is also publicly disclosing its findings and indications of infiltration so that other platforms and security companies may better spot similar conduct. The findings highlight the magnitude of the targeted surveillance industry as well as the huge scope of tailoring it facilitates globally. 

“Cyber mercenaries often claim that their services and their surveillance-ware are meant to focus on tracking criminals and terrorists, but our investigations and similar investigations by independent researchers, our industry peers, and governments have demonstrated that the targeting is, in fact, indiscriminate,” Nathaniel Gleicher, Meta's head of security policy, said to the reporters. 

“These companies … are building tools to manage fake accounts, to target and surveil people, to enable the delivery of malware, and then they’re providing them to any most interested clients—the clients who are willing to pay. This means that there are far more threat actors able to use these tools than there would be without this industry.” 

Cobwebs Technologies, an Israeli web intelligence company with offices in the United States, Cognyte, an Israeli firm previously recognized as WebintPro, Black Cube, an Israeli company with an existence in the United Kingdom and Spain, Bluehawk CI, which itself is rooted in Israel and has offices in the United States and the United Kingdom, BellTroX, a North Macedonian firm, Cytrox, a North Macedonian firm, and an unidentified organization based in China. 

Meta highlights that the surveillance-for-hire industry as a whole operates in three areas. One can conceive of it as several stages of a monitoring chain, with different firms specializing in different aspects of that superstructure. 

The very first stage is "reconnaissance," in which corporations gather comprehensive data concerning targets, frequently via automated, bulk gathering on the public internet and darknet. The second stage is "engagement," wherein operators seek out targets in an attempt to form a connection and gain their trust. Surveillance firms create bogus profiles and personalities, posing as, for example, graduate students or journalists, to reach out to targets. Hackers may also spread fake content and misinformation to establish rapport. The third stage is "exploitation," sometimes known as "hacking for hire," in which actors might use this trust to persuade targets to disclose information, click a malicious link, download a malicious file, or perform some other action. 

Every stage might take place on a variety of platforms and services. For instance, Meta's WhatsApp is a popular platform for disseminating malicious links to victims. Furthermore, Facebook and Instagram serve as natural breeding places for phony personalities. The eliminated entities, according to the social media giant, breached its Community Standards and Terms of Service. 

“Given the severity of their violations, we have banned them from our services. To help disrupt these activities, we blocked related internet infrastructure and issued cease and desist letters, putting them on notice that their targeting of people has no place on our platform,” the firm added. 

“We also shared our findings with security researchers, other platforms, and policymakers so they can take appropriate action.”

Users of Netflix, Instagram, and Twitter are all Targeted by the MasterFred Malware

 

MasterFred is a new Android malware that steals credit card information from Netflix, Instagram, and Twitter users via bogus login overlays. With unique fake login overlays in several languages, this new Android banking virus also targets bank clients. In June 2021, a MasterFred sample was uploaded to VirusTotal for the first time, and it was discovered in June. One week ago, malware analyst Alberto Segura released a second sample online, claiming that it was deployed against Android users in Poland and Turkey. 

Avast Threat Labs researchers uncovered APIs given by the built-in Android Accessibility service to show the malicious overlays after examining the new malware. "By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter," Avast said. 

Malware creators have been utilizing the Accessibility service to simulate taps and traverse the Android UI to install their payloads, download and install other malware, and do various background operations for a long time. MasterFred, on the other hand, stands out in a few ways. One of them is that the malicious apps that transmit malware to Android devices also include HTML overlays that display bogus login forms and collect financial information from users. 

The malware also sends the stolen data to Tor network servers controlled by its operator via the Onion.ws dark web gateway (aka Tor2Web proxy). Because at least one of the malicious apps bundled with the MasterFred banker was recently available in Google's Play Store, it's safe to assume that MasterFred's operators are also distributing this new malware through third-party stores.

"We can say that at least one application was delivered via Google play. We believe that it has been removed already," Avast's research team said. 

Another Android malware was identified in September that managed to infect over 10 million devices in over 70 countries. GriftHorse is the name of the malware, which was found by researchers at mobile security firm Zimperium. GriftHorse's success, according to Zimperium researchers, Aazim Yaswant and Nipun Gupta, is due to the malware's "code quality, which uses a wide range of websites (194 domains), malicious apps, and developer identities to infect people and avoid detection for as long as possible."

Facebook, WhatsApp, Instagram Faces Massive Global Outage: What was the Reason?

 

The massive global outage for hours halted three giant social media platforms including Facebook, Instagram, and WhatsApp. Organizations and people all across the globe who heavily rely on services of these platforms including Facebook’s own workforce faced a huge loss. According to the data, Zuckerberg suffered a 7 billion loss. 

Facebook reported on late Monday that the company is working hard to restore access to its services and is “happy to report they are coming back online now." Also, the company apologized and thanked its users for their patience. However, fixing the glitches was not easy. 

As per the users’ reviews for some users, WhatsApp was working for a while, then it was not. For others, Instagram was working but not Facebook, and so on. 

Following the global outage, Facebook Chief Technology Officer Mike Schroepfer tweeted, "To every small and large business, family, and the individual who depends on us, I'm sorry, may take some time to get to 100%." 

According to the Security experts, the disruption could be the result of an internal mistake, though sabotage by an insider would be theoretically possible. However, Facebook says "a faulty configuration change" was the main reason for Monday's hours-long global outage. 

Soon after the global outage began, Facebook started acknowledging that the platform is facing some technical issues because users were not able to access its apps, and then Facebook started examining the same.

Facebook, the social media giant, also known as the second-largest digital advertising platform in the world, has faced a loss of around $545,000 in U.S. ad revenue per hour during the global shutdown, ad measurement firm Standard Media Index reported. 

Social Media Influencers are the Latest Target of Cyber Criminals

 

The number of cybercrimes and scams is rapidly increasing with the advancement of technology. The police said that a new cyber fraud with social media influencers has been detected. 

There are a great number of followers of social media influencers on social media and companies are paying them regularly for their handles to promote their products. Many famous people get roped in, too. 

Cyber fraud is a kind of cybercrime fraud that uses the Internet to hide information or to provide erroneous data to knock victims out of money, property, and heritage. 

Cyber Law Expert N.Karthikeyan notes that mainstream media cannot include an advertisement on gambling or false investments. Such imaginary operators can utilize these influencers of social media who are unaware of the consequences. There are influencers on social media that only promote fictitious mobile apps. Fraudsters also send dubious links as supporters of influencers on social media. Once the victims click in and the details are registered, the fraudsters acquire complete control of the influencer's page or channel. They'll then post their content – that can be anything.

However, the Cyber Crime Cell officials noted that no specific complaint had yet been made on the matter. 

A woman social media influencer who was a candidate in recent elections said, " After uploading my affidavit into ECI website, I had three lakh downloads. I got good reviews on a social media page but only one person alleged that I had hacked the ECI site- which was baseless. He went on leveling allegations on me. I just ignored it." 

With the increase in such cyber frauds, a Youtuber who himself was a victim of this, stated that the overwhelming majority of influencers on social media are being used by fraudsters. They at times typically represent themselves as an established company or brand and appeal to influencers with lucrative publicity deals while proposing to administer the ads on behalf of the influencers. Later, they gather personally identifiable information or passwords from social media and seize complete control of the website or handle used by the influencers. 

"We have lodged a complaint against an Instagrammer who specifically targeted women influencers. He texted asking them to join in an Instagram live. If they accepted and came on live, he would level baseless allegations. If they didn’t agree to live as he was the stranger, he projected them as scammers, " said Joe Praveen Michael, an event manager.

Indian Hacker Discovers a New Instagram Bug

 

Instagram has addressed a new flaw, which allows everyone to access private profiles without having to follow them and also lets them view archived posts and stories. 

The Facebook group recently rewarded an Indian programmer and Bug Bounty Hunter with Rs 22 lakh to identify the Instagram bug that can permit anybody, without following, to view different posts on a private Instagram account. The issue that the programmer, Mayur Fartade, has just reported on a media post might've been a big privacy violation that leads to target identity fraud and harassment given the hazards posed by it. On April 15, 2021, this flaw was notified to Instagram and now it is patched. 

The flaw might have enabled hackers or those intending to cyber spy – to target particular users' posts and gain access without having to follow their private account, according to Fartade. 

Fartade noted in his post that the high privileges which attackers may have gained would be utilized for looking at elements like “private/archived posts, stories, reels (and) IGTV, details including like/comment/save count, display_url, image. uri, Facebook linked page(if any) and other particulars, without following the user and by using Media ID”. 

The flaw may allow any brute person to force a "Media ID" post which is an ID for any post created on Instagram and then use it to regenerate legitimate links to archived posts and private posts. For this purpose, attackers can use the Instagram GraphQL tool on their developer library, input any targeted post's brute-forced media ID, and execute the tool to gain access to information such as the post link and other related details.

This issue might have revealed numerous sensitive facts and surely breached privacy, as non-followers having access to content on a private account could result in many untoward occurrences including identity theft, challenges, or harassment. 

Facebook in its letter to Fartade thanked him for his report: “After reviewing this issue, we have decided to award you a bounty of $30000. Below is an explanation of the bounty amount. Facebook fulfills its bounty awards through Bugcrowd and HackerOne. Your report highlighted a scenario that could have allowed a malicious user to view targeted media on Instagram. This scenario would require the attacker to know the specific media ID. We have fixed this issue. Thank you again for your report. We look forward to receiving more reports from you in the future,” the company said. 


Facebook is testing Instagrams' new messaging app, Threads with Automated Data Sharing


Facebook's team is working on a companion app for Instagram, called "Threads", which will automatically share your location, battery, a movement to a close group of friends.


It is much like a messenger application and the company plans to rival snapchat, an app that also caters to close friends and sharing updates. Though Snapchat has been standing as a good alternative for Facebook and Instagram with much more engagement with young people, Threads could be a game-changer.

The Instagram team was itself working on Direct, a messaging app since 2017 but they closed the project in May. But after the acquisition by Facebook, the team was transferred to the Facebook Messenger team and Threads could be the prized outcome.

 The Verge reported, "Threads will regularly update your status, giving your friends a real-time view of information about your location, speed, and more. At the moment, Threads does not display your real-time location — instead, it might say something like a friend is 'on the move'." 

Though the core of the messaging app will be that "messaging", where friends can text, and even see status updates made on Instagram and can manually update the status on Threads but it does not dispute the privacy concerns over the automated data sharing. 

Concerns over privacy and data 

Facebook is testing Automated data sharing on Instagrams' companion app Threads and if successful we could see it applied to other Facebook apps too. Privacy, of course, is a big concern with automatic updates and does need to be concerned over but what's more interesting is how Facebook could use this data. After Mark Zuckerberg's pivot over privacy and data, Facebook has become more private and a loss but with this new automated data sharing, users can become layman and habitual of sharing their updates.

“You change your behavior if you’re constantly being looked at,” said Siân Brooke, a researcher at Oxford Internet Institute "If you know people see where you are, what you’re consuming, you’ll change what you’re doing, change what is normal in a group.”

And thus the data mining cycle will resume where data could be tracked by the app and sold.

Here's All you Need to Know About Instagram Reels; Launched Globally in Over 50 Countries


As TikTok fell prey to extensive criticism and was labeled as a 'threat to security' by governments, resulting in the banning of the popular video-sharing platform, the creators have long ago started weighing what's next!

In the wake of TikTok's future succumbing to uncertainties, Instagram has rolled out a new feature 'Reels', that appear to be in direct competition with what TikTok had to offer.

Starting today, Instagram is launching "Reels" feature for its users in more than 50 countries, it is seen as a remarkable and well-timed attempt by Instagram to capitalize upon the global turmoil in the creative sphere of social media. It's also a potential opportunity for Instagram to expand its identity from a photo app to a video entertainment platform.

With the expansion, now the feature will be available in major international markets including India, the U.S., the U.K., France, Brazil, Germany, Australia, Mexico, Spain, Argentina, Japan, and many others.

In a similar manner like TikTok, Instagram Reels will allow people to create mini-clips with music that they can share with their followers, these short-form videos will be discoverable while users browse the "Explore" tab on Instagram.

Reels let users record 15 seconds long video clips and add filters, effects, and popular music onto them, the feature is entirely embedded inside Instagram's original app and is not to be mistaken for being an add-on or a separate app. It is not a different world altogether like TikTok or Vine, but just 'yet another thing' one can do on Instagram.

While announcing the release of "Reels", the company said in a blog, "It's a new way to create and discover short, entertaining videos on Instagram."

"Reels invites you to create fun videos to share with your friends or anyone on Instagram. Record and edit 15-second multi-clip videos with audio, effects, and new creative tools. You can share reels with your followers on Feed, and, if you have a public account, make them available to the wider Instagram community through a new space in Explore. Reels in Explore offers anyone the chance to become a creator on Instagram and reach new audiences on a global stage."

How to Create Reels?


"Select Reels at the bottom of the Instagram camera. You'll see a variety of creative editing tools on the left side of your screen to help create your reel, including:"

"Audio: Search for a song from the Instagram music library. You can also use your own original audio by simply recording a reel with it. When you share a reel with original audio, your audio will be attributed to you, and if you have a public account, people can create reels with your audio by selecting “Use Audio” from your reel.

AR Effects: Select one of the many effects in our effect gallery, created both by Instagram and creators all over the world, to record multiple clips with different effects.

Timer and Countdown: Set the timer to record any of your clips hands-free. Once you press record, you’ll see a 3-2-1 countdown, before recording begins for the amount of time you selected.

Align: Line up objects from your previous clip before recording your next to help create seamless transitions for moments like outfit changes or adding new friends into your reel.

Speed: Choose to speed up or slow down part of the video or audio you selected. This can help you stay on a beat or make slow-motion videos." Instagram explained in the blog.

A vulnerability that Allows Hackers to Hijack Facebook Accounts


A cybersecurity expert recently found a vulnerability in FB's "login with the Facebook feature." According to the expert, the vulnerability allows hackers to steal "Access Token," and the hacker can also hijack the victim's FB account. FB uses "OAuth 2.0" as a verification process that helps exchange FB tokens and also gives 3rd parties access permission. To know more about OAuth 2.0, the readers can find information on the internet.

The vulnerability exists in the "Login with Facebook" option that eventually lets hackers make a phony website which they used for exchanging Access Tokens for other applications that include Spotify, Netflix, Instagram, Tinder, Oculus, etc besides the hijacked FB profiles. Once the hacker succeeded in hijacking the targeted FB accounts using the Access Tokens, he had access to personal data that includes private messages, photos, videos, and also the account setup credentials.


According to Amol Baikar, an Indian cybersecurity expert who found this vulnerability in the first place, the FB flaw allows hackers to exploit user accounts that include Tinder, FB, Oculus, Spotify, Instagram, Netflix, etc. Meanwhile, along with this account hijack, the hacker can also get 3rd party access to the mentioned apps via "Login with Facebook option." Facebook first received this vulnerability in December 2019 and immediately issued a security fix. Along with this, the company Facebook also announced a $55,000 bounty upon finding the person responsible through the Bug Bounty Program. This is said to be the biggest bounty ever issued for a client suite hack vulnerability founded on Facebook.

Cybersecurity organization GBHackers have made the following observations regarding Facebook vulnerability: 

  1. All Fb apps and 3rd party apps login credentials (Access Token) could be exposed within a few seconds, at the same time. 
  2. The vulnerability allows the hacker to take over the Facebook account of the user. Moreover, the hacker can read, write, edit, and delete your data. 
  3. The hacker also has the option to modify your privacy settings in the FB account. 
  4. If a user visits the malicious website set up by the hackers, he/she can lose their 1st party Access Tokens. 
  5. The stolen 1st party Access Tokens never lapse. 
  6. The attacker has control over the hijacked Facebook account even after the user changes the login credentials.

Facebook official Twitter and Instagram accounts hacked!


"Well, even Facebook is hackable but at least their security is better than Twitter.", this opening statement was posted on Facebook's official Twitter account by the hacking group OurMine.



Though the accounts have now been restored, the hacking group OurMine posted the same on Facebook's Twitter, messenger and Instagram accounts.

OurMine says its hacks are to show the sheer vulnerability of cyberspace. In January, they attacked and hijacked dozens of US National Football League teams accounts.

They posted the following on Facebook's Twitter page-

Hi, we are O u r M i n e,
Well, even Facebook is hackable but at least their security is better than twitter. 

 to improve your account security
 Contact us: contact@o u r m In e.org 

 For security services visit: o u r m In e.org 

On Instagram, they posted OurMine logo whereas Facebook's own website was left alone. Twitter has confirmed that the accounts were hacked albeit via a third-party and the accounts were then locked.

"As soon as we were made aware of the issue, we locked the compromised accounts and are working closely with our partners at Facebook to restore them," Twitter said in a statement.

These attacks followed the same trend as they did in the attack on the teams of the National Football League.

The accounts were accessed by Khoros, a third-party platform. Khoros is a marketing platform, a software that allows people to manage their social media accounts all in one space. It can be used by businesses to manage their social media communications. These platforms like Khoros, have the login details of the customers. OurMine seemed to have gained access to these accounts through this platform.

OurMine is a Dubai based hacking group known for attacking accounts of corporations and high profile people. It has hacked social media accounts of quite a few influential individuals like Twitter's founder Jack Dorsey, Google's chief executive Sundar Pichai, and the corporate accounts of Netflix and ESPN. According to OurMine, their attacks are intended to show people cybersecurity vulnerabilities and advises it's victims to use its services to improve security.

Clause Addition to the IT Act; Social Media Companies Now Responsible For All Nonuser Generated Content


A change brought in line with the changes in the US and Europe, the Indian government has recently added a clause to the proposed IT intermediary guidelines, making social media companies responsible for all nonuser produced content including supported content, distributed on their platforms. 

The change is expected to impact some extremely popular social media platforms, like Twitter, TikTok, YouTube, Instagram as well as Facebook. 

When the amended guidelines are made public, social media organizations will be required to accordingly and appropriately tag and identify all sponsored content published on their platforms and alongside it, draft standards, which are 'under consideration' of the law ministry, are expected to be notified in about a few weeks according to a senior government official “We have had a few rounds of discussions with the law ministry. 

These guidelines should be notified by February-end, the start of March.” Section 79-II of the Information Technology Act, 2000, right now absolves online intermediaries from obligation for any third party substance shared on their platform. In any case, with the new clause, the Act will give "safe harbor protection" to intermediaries, inasmuch as they just assume the job of a facilitator and not maker or modifier, in any way of the content posted.


What expedited the change was an issue that occurred in the previous year a disagreement regarding content between social media platform TikTok and Twitter-sponsored ShareChat where the latter had to bring down more than 100 videos from its platform. 

Right now, platforms like Facebook, Twitter and Instagram have certain features and tags through which ads and paid partnerships are displayed. Yet, publicists and advertisers state brands would rather push content through influencers to make it look increasingly organic. 

There is likewise no compulsion or onus on the influencers to highlight that the products and content they are supporting are paid for. 

However, Government authorities said such content, produced by influencers without the contribution of the social media platforms, may in any case not be secured by the most recent clause. This clause will relate to just such non-user produced content in which the platform is in some way involved.

User Accounts and Phone Numbers Exposed; Confirms Instagram


Social Media Giant and Instagram senior, Facebook affirms that a newfound security vulnerability may have put the user data in danger, leaving many open to attack by 'threat actors'.

The vulnerability is said to be so strong to the point that through it the attacker would effectively access 'secure' user data like the users' real names, Instagram account numbers and handles, and full phone numbers.

An Israeli hacker known by the handle @ZHacker13 found the vulnerability with Instagram and said that misusing it would empower an attacker utilizing a multitude of bots and processors to manufacture an accessible/attackable database of users, bypassing protections protecting that information.

The attacker utilizes a simple algorithm against Instagram's login form, checking each phone number in turn for those linked to a live Instagram account, and since there is no restriction on the number of algorithms that can be kept running in parallel, the attacker can do it as many number of times as he wants.


After this while exploiting the advantages of Instagram's Sync Contacts feature he can figure out how to discover the account name and number linked to the phone number.


Anyway as of now, there is no proof that any user data has been misused or mishandled via utilizing this vulnerability—in any case; on the other hand, there is no proof that it hasn't.

Probably the fact that the endeavour required two separate procedures may imply that the attackers have chosen to withdraw.

Meanwhile, @ZHacker13 tested his Instagram exploit post Facebook's fix and affirmed that it no longer worked.

Facebook Dating Service available in 20 countries


Facebook has launched one of its most awaiting features; Facebook dating service in the United States and other 19 countries for its users who are above 18 years or older.

Currently, dating feature would be available in countries including US, Bolivia, Canada, Brazil, Argentina, Singapore, Suriname, Thailand, Laos, Guyana, Ecuador, Chile, Bolivia, Philippines, Mexico, Paraguay, Peru, Columbia,  Vietnam, and Malaysia.

Facebook said that they would launch a dating service in Europe in early 2020. While there is no word when they would launch the service in South East Asia.

"Today people are asked to make a decision as to whether or not they like someone immediately based on a static profile. To help you show, rather than tell, who you are, we're bringing Stories to Dating," Facebook blog post.

The user can create a dating profile, which will be entirely different and separate from the main profile.  People can integrate their Instagram posts in a dating profile, by the end of the year, and they would be able to add Instagram followers to their Secret Crush lists, in addition of their Facebook friends.

"By the end of the year, we'll make it possible to add Facebook and Instagram Stories to your Dating profile too,"  Facebook wrote in a blog post.

The dating service won't match you with your  Facebook friend until you choose to use Secret Crush and your crush too should have added you to their crush list.

"All of your Dating activity will stay in Facebook Dating. It won't be shared to the rest of Facebook," said the company.

"Finding a romantic partner is deeply personal, which is why we built Dating to be safe, inclusive and opt-in. Safety, security and privacy are at the forefront of this product," blog post.

Instagram Users Fall Victim To yet another Phishing Campaign



Instagram user's become victims of a new phishing campaign that utilizes login attempt warnings combined with what resembles the two-factor authentication (2FA) codes to trick potential victims into surrendering over their sensitive data by means of fake sites.

It is believed that they use the 2FA to make the scam increasingly 'believable' and  alongside this they resort to phishing with the assistance of a wide scope of social engineering techniques, just as messages intended to seem as though they're sent by somebody they know or an authentic association.

Here, particularly the attackers utilize fake Instagram login alerts stating that somebody tried to sign in to the target's account, and thusly requesting that they affirm their identity by means of a sign-in page linked within the message.

In order to abstain from raising any suspicions these messages are intended to look as close as conceivable to what official messages might appear coming from Instagram.

Once on the target is redirected to the phisher's landing page, they see a perfectly cloned Instagram login page verified with a legitimate HTTPS certificate and displaying a green padlock to ease any questions regarding whether it's the genuine one or not.


To avoid from falling for an Instagram phishing trick like this one, the users are prescribed to never enter their sign-in certifications if the page requesting that they sign in does not belong to the instagram.com site.

Anyway in the event that the user has had their Instagram credentials stolen in such an attack or had their account hacked but in some way or another can still access it, at that point they should initially check if their right email address and phone number are still associated with the account.

Following this they it is advised that they change the account's password by adhering to specific guidelines given by Instagram.

Be that as it may, assuming unfortunately, that the user has lost access to their account after it being hacked, they can utilize these guidelines or instructions to report the incident to Instagram's security, which will then accordingly re-establish it subsequent to confirming the user's identity through a picture or the email address or phone number you signed up with and the type of device you used at the time of sign up."

Fashion designer lost business after her Instagram account got hacked

Twenty-three-year-old Bree Kotomah almost gave up on a burgeoning career in fashion design when hackers compromised her business's Instagram account in November 2018.

"Unfortunately, at the time I ran everything on Instagram, so when that was gone, that was the whole business gone," she told BBC Radio 5 Live.

At least half of micro businesses - companies with fewer than nine employees - in the UK are victims of cyber-attacks every year, compared to just a third of other companies, according to the Association of Independent Professionals and the Self-Employed (IPSE).

Ms Kotomah, whose business Boresa Kotomah is based in London, had not studied fashion. She taught herself to sew and began designing clothes in 2018. Due to interest on Twitter in her fashion styles, she started an Instagram account and gained 5,000 followers in seven months, after a photo of a dress she made went viral.

Interested customers would send her a direct message on Instagram enquiring about prices, and commission her to make the dresses.

Ms Kotomah would invoice her customers using PayPal and mobile app Invoice2go, and her reputation grew by word of mouth and through shares of her outfits on Instagram and Twitter.

But then it all stuttered to a halt.

"I woke up one morning and my account was deleted. I received an email from Instagram saying I had violated some terms and I had done certain things that I know I didn't do," she said.

"My business at that time was my livelihood. That was what I was doing full-time. I'm self-employed. So if I'm not making money from working, I'm not making money at all so I was just thinking like, 'What am I going to do?'"

Ms Kotomah's designs have been worn by actors, influencers, singers, models and dancers.

Ms Kotomah was so disheartened that she stopped designing for two months and considered other jobs. But then she decided to give it one more try. She started a new Instagram account, learned more about running a business, and set up a website showcasing her work that offered ready-to-wear clothing available for immediate purchase.

Facebook to rename WhatsApp and Instagram






Facebook is planning to rename its two social media platform WhatsApp and Instagram as “WhatsApp from Facebook” and “Instagram from Facebook” respectively.

It came as a shock, as many users still doesn’t know that Facebook own these popular apps.

 Till now, the company allowed both the companies to operate as independent brands. They have their own managers, employess, and even sepearate work places. 

However, in recent times, Facebook has taken steps to make WhatsApp and Instagram less independent. 

“We want to be clearer about the products and services that are part of Facebook,” a spokeswoman, Bertie Thomson of the company said.

According to the report, the new name will be displayed only on the app store pages on both Android and iOS. The new names will also be visible on the login pages. 




Security researcher awarded $30,000 for spotting a privacy bug in Instagram





A security researcher from India has won $30,000 in a bug bounty program after he found a flaw in Facebook-owned photo-sharing app Instagram.

Laxman Muthiyah discovered a vulnerability that allowed him to hack any Instagram account without consent permission."

He took over someone's Instagram account by clicking on forget the password or requesting a recovery code against the account.

"I reported the vulnerability to the Facebook security team and they were unable to reproduce it initially due to lack of information in my report. After a few email and proof of concept video, I could convince them the attack is feasible," Muthiyah wrote in a blog post. 

The company’s security teams fixed the issue and rewarded the researcher $30,000 as a part of their bounty program.

However, a senior technologist at cybersecurity major Sophos, Paul Ducklin, said that the vulnerability found by Muthiyah no longer existed, and users should get back control for their hacked accounts. 


"In case any of your accounts do get taken over, familiarise yourself with the process you'd follow to win them back. In particular, if there are documents or usage history that might help your case, get them ready before you get hacked, not afterward," Ducklin said in a statement.

Instagram account can be easily hacked, finds hacker

A professional hacker discovered what he considered a fairly simple way to seize control of any Instagram user's account. Fortunately for the site's 500 million active daily users, he told Instagram exactly how it could be done.

Laxman Muthiyah is a professional bounty hunter. Not the kind who tracks down bail jumpers, mind you. He uses his hacking skills to collect bug bounties, money companies pay to hackers who find and report vulnerabilities in their software.

Muthiyah found the account-breaking bug in the mobile version of Instagram's password reset system. When a user wants to reset his or her password, Instagram tries to validate their identity by sending a 6-digit code to a recovery phone number.

A six-digit code is child's play for a hacker with any amount of computing power at their disposal, which is why Instagram has a system in place that can detect brute-force attacks. Muthiyah found that out of 1,000 attempts around 75% were blocked.

By creating a race condition -- a nasty situation that occurs when a computer tries to process multiple requests at the same time -- and making attempts from a huge number of IP addresses -- Muthiyah was able to do an end run around Instagram's brute force blocker.

He bombarded Instagram with 200,000 codes from 1,000 different IP addresses. That might sound like a Herculean task, but Muthiyah notes that it's actually quite simple using cloud-based tools.

In his estimation it would have cost about $150 to reset anyone's password.

Gaining control of an account with hundreds of thousands -- or even millions -- of followers is well worth the investment. It provides an opportunity to spam users with links to infected downloads or phishing pages from an account they are likely to trust.

There's no telling how many unsuspecting fans would've blindly clicked a malicious link posted from a celeb's verified IG account. It's quite possible that a major incident was avoided thanks to Muthiyah's hard work and Facebook's (which owns Instagram) rapid deployment of a fix.