Instagram hacker bypasses 2FA and login notifications...how!??

[Jaywill10]

Hey everyone,

 

A couple days ago I had my first experience being hacked on Instagram. How it happened is something I cannot figure and its seriously bugging me. I use a password manager that generates a strong password to secure to my account. I have 2 factor authentication set up and my choice was to use the password managers one time password as the authenticator as well as sms code. I have login notifications on as well so anytime I login I get an email and a push notification. I also have suspicious login attempt notifications on. Upon waking up the other day, I received a text from a few friends alerting me I was hacked. I did not receive a email login notification nor did I receive a push notification or suspicious login attempt notification. I did not receive a text with a 2-step code. Thankfully in my case, my password was not changed. I was able to open Instagram as usual and logout the other person who signed in. They were signed in from Germany. Here's what I do not understand, I logged in on my PC to change my password, immediately I got an email and push notification alerting me of a suspicious login attempt that requires my approval. Why did this not happen when said hacker logged in? 

 

I know most "hacks" are phishing except I've only ever been logged in on my phone and I have never used a third party app to sign in with my Instagram. I also change my password every 6 months out of fear of being hacked since its happened to multiple of my friends. Does anyone know how it is possible that they were able to by pass 2-factor and login notifications?

Edited April 20, 2022 by Jaywill10
Pressed enter too early and posted only one sentence.

[IAmNik]

1 minute ago, Jaywill10 said:

Hey everyone,

 

A couple days ago I had my first experience being hacked on Instagram. How it happened is something I cannot

Usually how hacking works lol

[Jaywill10]

8 minutes ago, IAmNik said:

Usually how hacking works lol

Sorry I hit the enter key and it posted before I was done typing lol.

[IAmNik]

First mistake was using a password generator for your password lol 

 

Or it could've probably been something you clicked on while on Instagram that prompted your account to spam your friends list with messages or whatever it is they received. Not necessarily someone logging into your account and then sending random stuff. The Germany login was probably a bot attached to your profile from clicking random link or something

 

Now, Create your OWN password. Better to use a phrase rather than a word and some numbers or something. Be creative!

[Jaywill10]

8 minutes ago, IAmNik said:

First mistake was using a password generator for your password lol 

 

Or it could've probably been something you clicked on while on Instagram that prompted your account to spam your friends list with messages or whatever it is they received. Not necessarily someone logging into your account and then sending random stuff. The Germany login was probably a bot attached to your profile from clicking random link or something

 

Now, Create your OWN password. Better to use a phrase rather than a word and some numbers or something. Be creative!

Using a something like 1Password or Last Pass to generate a password isn’t a good idea?

 

thanks for the information, I was just curious how it worked.

[RockSolid1106]

On 4/20/2022 at 8:25 AM, IAmNik said:

First mistake was using a password generator for your password lol 

On 4/20/2022 at 8:25 AM, IAmNik said:

Now, Create your OWN password. Better to use a phrase rather than a word and some numbers or something. Be creative!

This is the dumbest advice I've seen in a while.

Look up on how hashing works.

Here's a video that I found good at explaining hashing and why you should not use common passwords.

Random strings with Characters, Symbols, long length will always be better than phrases.

 

On 4/20/2022 at 8:34 AM, Jaywill10 said:

Using a something like 1Password or Last Pass to generate a password isn’t a good idea?

It is a good idea to use a password manager and randomly generated strings as passwords instead of phrases.

[IAmNik]

3 minutes ago, RockSolid1106 said:

This is the dumbest advice I've seen in a while

 Thats fine and dont worry, it wont be the dumbest thing you see from me. Trust me. Plenty more to come, brotha.