Photo: Omar Marques/SOPA Images/LightRocket via Getty Images

Instagram users are being blocked from logging in, only to find later their accounts have been hacked and their credentials often newly linked with a Russian email ending in .ru.

What’s happening: Instagram is investigating the hacking claims following a spike in reports, but doesn’t know whether these are actually Russians hacking or whether it's just someone using a Russian email. Instagram is currently helping customers regain access to their accounts and working to roll out its own third-party app authentication.

Yes, but: But some accounts getting hacked already had two-factor authentication (2FA) in place, per The Sun, which is a security feature intended to add an extra step to block potential hackers

The key is, not every 2FA is made equal. Using SMS as the second step — like how Instagram's currently works — can be vulnerable. SMS 2FA is not as secure as using physical, hardware-based keys. Google hasn’t had any of its more than 85,000 employees phished on work-related accounts since implementing physical key use in early 2017, according to KrebsOnSecurity.

By the numbers: Kaspersky Lab products prevented approximately 68,000 attempts to visit phishing pages imitating Instagram this year. And in July, Kaspersky "witnessed a spike in this attack vector — on July 31, the number of phishing attacks skyrocketed from around 150 per day to almost 600," per Kaspersky.

Go deeper

President Trump's suburbs

Photo illustration: Annelise Capossela/Axios. Photo: Tom Williams/CQ Roll Call.

President Trump cast an outdated vision of "the 'suburban housewife'" as he swiped this week at Joe Biden's newly minted running mate Kamala Harris — building on his months-long play to drive a wedge through battleground-state suburbs by reframing white voters' expectations.

The big picture: As he struggles to find an attack that will stick against the Biden campaign, Trump for a while now has been stoking fears of lawless cities and an end to what he's called the “Suburban Lifestyle Dream.” It’s a playbook from the ‘70s and ‘80s — but the suburbs have changed a lot since then.

Trump tightens screws on ByteDance to sell Tiktok

Illustration: Aïda Amer/Axios

President Trump added more pressure Friday night on China-based TikTok parent ByteDance to exit the U.S., ordering it to divest all assets related to the U.S. operation of TikTok within 90 days.

Between the lines: The order means ByteDance must be wholly disentangled from TikTok in the U.S. by November. Trump had previously ordered TikTok banned if ByteDance hadn't struck a deal within 45 days. The new order likely means ByteDance has just another 45 days after that to fully close the deal, one White House source told Axios.

Updated 10 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 9:30 p.m. ET: 21,056,850 — Total deaths: 762,293— Total recoveries: 13,100,902Map.
  2. U.S.: Total confirmed cases as of 9:30 p.m ET: 5,306,215 — Total deaths: 168,334 — Total recoveries: 1,796,309 — Total tests: 65,676,624Map.
  3. Health: CDC: Survivors of COVID-19 have up to three months of immunity Fauci believes normalcy will return by "the end of 2021" with vaccine — The pandemic's toll on mental health — FDA releases first-ever list of medical supplies in shortage.
  4. States: California passes 600,000 confirmed coronavirus cases.
  5. Cities: Coronavirus pandemic dims NYC's annual 9/11 Tribute in Light.
  6. Business: How small businesses got stiffed — Unemployment starts moving in the right direction.
  7. Politics: Biden signals fall strategy with new ads.