Instagram investigating users' claims they've been hacked

Instagram users are being blocked from logging in, only to find later their accounts have been hacked and their credentials often newly linked with a Russian email ending in .ru.

What’s happening: Instagram is investigating the hacking claims following a spike in reports, but doesn’t know whether these are actually Russians hacking or whether it's just someone using a Russian email. Instagram is currently helping customers regain access to their accounts and working to roll out its own third-party app authentication.

Yes, but: But some accounts getting hacked already had two-factor authentication (2FA) in place, per The Sun, which is a security feature intended to add an extra step to block potential hackers

The key is, not every 2FA is made equal. Using SMS as the second step — like how Instagram's currently works — can be vulnerable. SMS 2FA is not as secure as using physical, hardware-based keys. Google hasn’t had any of its more than 85,000 employees phished on work-related accounts since implementing physical key use in early 2017, according to KrebsOnSecurity.

By the numbers: Kaspersky Lab products prevented approximately 68,000 attempts to visit phishing pages imitating Instagram this year. And in July, Kaspersky "witnessed a spike in this attack vector — on July 31, the number of phishing attacks skyrocketed from around 150 per day to almost 600," per Kaspersky.