Photo: Omar Marques/SOPA Images/LightRocket via Getty Images
Instagram users are being blocked from logging in, only to find later their accounts have been hacked and their credentials often newly linked with a Russian email ending in .ru.
What’s happening: Instagram is investigating the hacking claims following a spike in reports, but doesn’t know whether these are actually Russians hacking or whether it's just someone using a Russian email. Instagram is currently helping customers regain access to their accounts and working to roll out its own third-party app authentication.
Yes, but: Some accounts that were hacked already had two-factor authentication (2FA) in place, per The Sun. 2FA is a security feature intended to add an extra step to block potential hackers.
The key is that not all 2FA is created equal. Using SMS as the second step, as Instagram's 2FA currently does, can be vulnerable. SMS 2FA is not as secure as using physical, hardware-based keys. Google hasn’t had any of its more than 85,000 employees phished on work-related accounts since implementing physical key use in early 2017, according to KrebsOnSecurity.
By the numbers: Kaspersky Lab products prevented approximately 68,000 attempts to visit phishing pages imitating Instagram this year. And in July, Kaspersky "witnessed a spike in this attack vector — on July 31, the number of phishing attacks skyrocketed from around 150 per day to almost 600," per Kaspersky.