Selena Gomez - please tell your 125 million fans to enable two-step verification

If I called this article “Justin Bieber nude photos” nobody would click on it.

If you're worried about escalating international tensions as North Korea blasts missiles over northern Japan, let me tell you something else that will make you worry about the future of mankind:

Selena Gomez has 125 million followers on Instagram.

I discovered that fact this weekend, as I heard that hackers had seized control of the American singer and actress's Instagram account and posted revealing snaps of her ex-boyfriend Justin Bieber.

When I say "revealing" I mean the full caboodle. Bieber's Big Lebowski was on show for all to see.

To save both Bieber's modesty and your own innocence, I have subtly censored the image of the hacked account below.

Justin Bieber's little fella

I have no idea if Bieber is happy with his ankle spanker being on show to the world or not, but reports indicate that the paparazzi images of Bieber's little fella have surfaced publicly before in the tabloid press.

What I *do* have a clue about, however, is that clearly Selena Gomez or her management have been sloppy with the star's online security.

Enabling two-step verification (2SV) adds an additional level of security to your online accounts which goes beyond your normal password. If you turn on 2SV on your Instagram account (and countless other accounts), you will be prompted to enter a security code generated by an app on your smartphone when you try to log into your account.

That means that even if a hacker has managed to steal or work out your password, it won't be enough to access your account as they don't (hopefully) also have access to your smartphone.

You would like to think that Selena Gomez would know a thing or two about protecting her social media accounts. Five years ago a British hacker was jailed after hacking into Gomez's Facebook account and accessing her private messages.

With 125 million followers on Instagram, Selena Gomez could do a lot of good sharing advice with fans about how they could better defend their online accounts.

That, unfortunately, hasn't happened (at least not yet). For now, Gomez has deactivated her Instagram account.

For further discussion on this story, make sure to listen to this episode of the "Smashing Security" podcast:


5 Responses

  1. Brian Leeming

    August 29, 2017 at 2:50 pm #

    125 million or 250 million, Graham? But I love your site in any case.

  2. Michael Ponzani

    August 29, 2017 at 4:37 pm #

    "Ankle spanker?", I love it. I wish I had one of those. Mine's far too short to fit the description. I did see some clips from the Philippines where some dude had about two and a half feet.

  3. Jay

    August 29, 2017 at 5:46 pm #

    Graham, perhaps it wasn't necessarily 2FA not being set up. Is there a possibility some hacker could have social engineered her mobile phone provider to steal her SIM and then confirmed 2FA that way?

    • Graham Cluley in reply to Jay.

      August 29, 2017 at 6:59 pm #

      It's a *possibility* but I would suggest considerably less likely.

      I do prefer it when online services give users the option of two-step verification via an authenticator app (Google Authenticator is perhaps the best known, but there are alternatives) rather than sending a code via SMS.

      I know there are a lot of folks who hate the idea of 2FA via SMS because of the potential of a bad guy cloning your phone and receiving the code, but I do believe for most of us that's a lot less of a risk than not having 2FA enabled at all.
