How to get hash password of instagram account
How Cybercriminals Hack Facebook, Instagram and Snapchat Passwords
Passwords are the keys to the digital kingdom. Even Mark Zuckerberg, Facebook’s CEO, has to log into his master account by typing one. That’s why malicious hackers pour a huge amount of time and money into hacking other people’s passwords and breaking into their accounts. And we assure you that their efforts don’t go unrewarded. In this article, you’ll explore how cybercriminals hack passwords for social media accounts such as Facebook, Instagram and Snapchat. Once you “know thy enemy” we will go over some basic steps you can follow to dodge those attack methods.
How to hack your Instagram or Snapchat account password using a keylogger
Keyloggers are malware programs designed to record everything you type on your keyboard. They’ve been around since forever, and are one of the biggest targets of antivirus programs. Unfortunately, they can be incredibly effective at finding out passwords, email accounts, credit card data and any other type of information, so malicious hackers will surely use them more in the future. The tricky part about keyloggers is that a malicious hacker has to find a way to download it onto your device. Here are just a few of the most commonly used strategies:
- Send you a phishing email with a malicious attachment, meaning the keylogger.
- Infect a website with malicious code so that it automatically downloads malicious software on your device. These are so-called “drive-by downloads”.
- Trick you into clicking a malicious link on a pop-up or website that approves a malicious download.
Keyloggers come with many different functionalities. The main one of course is to track and record keystrokes, and then send the information back to the malicious hacker. This is how they can hack a Facebook or Instagram account password with ease. On top of that, some keyloggers can even do some or all of the following:
- Take screenshots of the device.
- Track the URLs of pages you visit.
- Record what applications you run on your device.
- Capture copies of emails in your inbox and sentbox.
- Log all of your messaging sessions, such as FB Messenger or Snapchat.
Keyloggers are designed to be invisible and difficult to track down. Chances are you can’t even find the process for it in Windows Task Manager. If you want to remove a keylogger, then you’ll need some specialized software and follow certain steps. Better yet, if you want to prevent someone downloading a keylogger on your device, we recommend you use software specifically designed to block malware from entering your device in the first place. In our opinion, our own Heimdal™ Threat Prevention can go a long way in helping you filter out the bad traffic out there.
Phishing attacks will trick you into revealing the password
Phishing is a favorite tool for cybercriminals to get a hold of your password. The bad guys will first send you a fake email that supposedly comes from a trusted website you use, such as Gmail or Yahoo. This email looks nearly identical to the real deal, and has a link inside that leads to a “Sign In” page. The mail might say something along the lines of “Due to some security issues, we request you enter your account details again to confirm it is really you.” But you won’t really be logged in to the website. Instead, you just typed in your account and password for the malicious hacker to see. In other words, you helped him hack your Facebook or Instagram password.
Steps to follow to prevent a phishing email attack
It takes little effort to detect a phishing email. The hard part is to develop a mindset that everything on the Internet is harmful until proven otherwise. With that being said, here are some basic tips to protect yourself from these nasty phishing campaigns.
- The sender’s address is the first major clue the email is fake. It makes no sense for Facebook to use any email address other than “@facebook.com”. However, it’s also possible the malicious hacker might be skilled enough to spoof the email address. Or he might have bought a web address similar to facebook.com. In this case, it’s not unheard of to have an email that looks something like this: [email protected] or [email protected], both of which are fake.
- It’s safe to assume an email in the spam folder is a dangerous one you shouldn’t click. At all. In fact, don’t even open it. Or better yet, don’t even look into your spam folder. You don’t need to. Leave the garbage alone, undisturbed.
- “You have 2 messages that will be deleted in a few days”. When was the last time you saw Facebook do that? Hint: never. That text is a standard psychological tactic employed by cybercriminals to create urgency in your mind, and force you to click the link.
There are around 300,000 YouTube videos on how to hack a Wi-Fi password. Cybercriminals, however, aren’t interested in free Internet; instead, they want to get their hands on the data you send and receive over the network. Once a malicious hacker breaks into a Wi-Fi network, he can easily start hacking your Facebook or Snapchat password by intercepting all of the data you communicate over the network. Of course, this isn’t just limited to passwords. The cybercriminal will also target private information such as credit card data, addresses, date of birth, social security, emails and Internet messages. Unfortunately, it’s nearly impossible to detect a Wi-Fi sniffer attack, so you just have to avoid it as best you can. Here are some basic tips you can follow to prevent someone from hacking your Wi-Fi and personal data.
- If it’s your own Wi-Fi network, make sure it has a strong password that can’t be broken by a dictionary or brute force attack (more on these attacks later).
- Make sure your router uses the WPA2 AES encryption method. Out of all the encryption methods out there, this one is the most secure. Even governments use the AES encryption standard.
- If it’s a public network, such as coffee shops or shopping malls, make sure it is also encrypted with WPA2 AES. Here’s a more in-depth article as to why public Wi-Fi networks are such a cybersecurity hazard.
- If the public Wi-Fi is open or uses the ancient and obsolete WEP encryption method, then avoid it altogether. Whatever you do, do not use an open wireless network to log in to your Facebook or Instagram account, do financial transactions or any other sensitive operation.
The most frequent cybersecurity advice you’ll ever hear is “use a strong password”. And there’s a very good reason for this. Far too many people use weak passwords for their social media accounts. As we’ll see, even basic hacking software will guess these weak attempts almost instantly.
Brute force attacks
These sorts of weak passwords are vulnerable to a so-called brute force attack. This is a password hacking method that bombards a login page with thousands upon thousands of passwords until it gets the right one and logs into your account. Passwords such as “123456” are among the first to be tried out, so they are cracked in around 0.2 seconds. In other words, a brute force attack can hack a weak Facebook password instantly.
Here’s how long it will take a brute force attack to hack any of these passwords:
- London = 6 seconds.
- Londoner = 5 hours, 13 minutes.
- Londoner- = 2 years, 4 months.
- Londonerse = 1 year, 7 months
- Londoner-* = 198 years, 26 days.
- londoner-* = 1 month, 6 days.
As you can see, it’s not just the number of characters in a password that matters, but also what type of characters you use. “Londoner-” is shorter than “Londonerse” but it’s harder to crack thanks to the special character “-”. It’s not just special characters that make a difference. Capitalizing a letter can turn a junk password such as “londoner-*” into a heavyweight that takes nearly 2 centuries to crack. And all you did was to capitalize the “l” so it’s now “Londoner-*”.
Dictionary attacks
Dictionary attacks rely on guessing a password just like brute-force ones. The main difference is that dictionary attacks first try out the most likely password variations, and then work from there. To come back to our previous example, if the cybercriminal knows you are a huge fan of the city of London (so much so that you have a tattoo of the Queen on your arm), then he will set the software to first try out all combinations related to the word “London”, such as “london134” or “london88%”. So the hacking time of “Londoner-*” will go down from nearly 2 centuries to just a few hours or days at most. The more information an attacker knows about you, the higher his chances of hacking your password.
How malicious hackers use brute force/dictionary attacks
Brute force and dictionary attacks cannot be directly used to hack your Facebook or Snapchat password since these are highly secure websites that use extensive security measures to prevent this type of attack. Instead, malicious hackers exploit another common Internet user mistake: reusing the same password. A smart cybercriminal will simply target other sites and services the victim uses. Some of these will surely have weak security measures that allow the hacker to launch a brute force attack on the login page. If the attack is successful, then it’s safe to assume the cybercriminal can hack into the victim’s other accounts, including the ones made at banks or shopping sites. All because he used the same password over and over again.
How to prevent a dictionary/brute force hacking attack
Thankfully, it’s easy to protect yourself against a password-guessing attack. Here are some basic tips you should follow when it comes to managing your password:
- Make sure you have a strong password. This means you should include a capital letter, a number and a special character. Make sure it’s at least 10 characters long.
- Don’t reuse the same password for all of your accounts. To cut down on the amount of effort involved in remembering and creating such passwords, we strongly recommend you use a password manager such as Dashlane and LastPass.
- Make sure your passwords are as unpredictable as possible. Don’t let the attacker guess the “theme” of your password, like in our “Londoner-*” example. In fact, make sure your password is as random as possible such as “27fj30dr8&)*LL”.
- Activate two-factor authentication to prevent an attacker from logging into your account, even if he guesses your passwords.
Like phishing emails, social engineering scams try to trick you into willingly revealing your data. What’s more, these types of attacks are becoming more and more frequent. For instance, the cybercriminal might pretend to be an employee for the main bank you use. He then calls you in order to “clarify some minor account issues”. During the phone call, he asks that you provide him the username and password for your bank account. You’d be surprised how often people get hacked with this type of trick. It doesn’t even have to be a bank employee. They might pretend to be a utility company, asking you to give them username and password so they can recover your “lost account”. Since most victims reuse the same password, the bad guys now have access to all their other accounts as well, even the more important ones, on sites such as eBay or Amazon.
Shoulder surfing, the low tech method to hack someone’s Facebook or Instagram password
Sometimes, the best way to hack someone’s password is to physically see him type it. There’s even a word for it: shoulder surfing. Thanks to the smartphone era, this practice has become more widespread, with people looking over your shoulder to find out not just your Facebook or Instagram password, but other types of personal information, such as browsing sessions or messenger conversations. The last thing you need is for a thief to see you talking about your next vacation. If he’s a good one, he can track down your home address and burglarize you. To prevent shoulder surfing, Android users should keep the “Make Password Visible” field turned off (you can find this in Settings -> Security). iOS users don’t have to worry about this since it’s a default setting and you can’t change it. However, some apps will briefly flash the last character you typed. So you will see something like this if you want to write in Londoner-*: “****o”. A keen eyed observer can remember those taps, and reconstruct your password.
Another possible fix for this is to use a privacy screen protector that makes the screen harder to see for others.
Technical attacks that have nothing to do with the user
Some passwords are hacked due to technical issues related to the website or service, and without any fault on the user’s part. In such situations, the security minded user can only hope the website is properly secured.
Hash attacks
Computers don’t store your password in plaintext, meaning you will never find a file on a PC with a password written down letter by letter. Instead, the password will be hashed. So instead of “Londoner-*” the password will look something like this: 5206b8b8a996cf5320cb12ca91c7b790fba9f030408efe83ebb83548dc3007bd. That long string of random gibberish is called a hash. A malicious hacker can obtain the hash file through a malware attack on the device that stores the hash, such as a server or your PC. To recover the password from the hash, the cybercriminal will use several methods such as: lookup tables, rainbow tables and reverse lookup tables.
OAuth attacks
Most online login and authentication methods rely on a technology framework called OAuth 2. What this technology does is to bypass the need to create a new user account and password for a website, and just log in with a predetermined account. You’re probably familiar with this technology if you’ve used the “Login with Facebook” or “Login with Google” buttons. Basically, Facebook or Google will send an identification token to the website you want to log in to, confirming your identity. However, many websites and apps poorly implement OAuth, so instead of actually receiving the token from Google or Facebook, they just check if the provider of the information is Google or Facebook. In other words, they log you in to the account without a confirmation that it’s actually you. A malicious hacker with good technical knowledge can disguise the token provider, so he fools the login page into believing the user is genuine, and then gives him access. Unfortunately, a huge amount of apps and websites don’t implement OAuth properly. By some estimates, such poorly secured apps account for nearly 2.4 billion downloads all over the world, putting a huge amount of users at risk. To avoid any potential problems, we recommend you create separate usernames and passwords and even avoid using the “Login with Facebook/Google” button altogether.
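The flaw described above, modelled as an added example that is not code from the article or from any real provider: a backend that trusts what the client says next to one that asks the provider about the token. `IdentityProvider`, its `inspect` method (standing in for a provider's token-inspection endpoint or signed ID token check), `OUR_APP_ID` and all user names are hypothetical.

```python
import secrets

OUR_APP_ID = "photo-app-123"  # hypothetical client ID registered with the provider


class IdentityProvider:
    """In-memory stand-in for Facebook/Google: issues tokens and answers lookups."""

    def __init__(self, name):
        self.name = name
        self._tokens = {}  # token -> (user_id, app_id)

    def issue_token(self, user_id, app_id):
        token = secrets.token_urlsafe(16)
        self._tokens[token] = (user_id, app_id)
        return token

    def inspect(self, token):
        """Return who the token belongs to and which app it was issued for."""
        entry = self._tokens.get(token)
        if entry is None:
            return None
        return {"user_id": entry[0], "app_id": entry[1]}


def login_weak(request):
    """Flawed backend: checks only the provider name, then trusts the client's user ID."""
    if request.get("provider") in ("facebook", "google"):
        return request.get("user_id")  # never compared with the token's owner
    return None


def login_checked(request, providers):
    """Hardened backend: identity comes from the provider's answer, not the client."""
    idp = providers.get(request.get("provider"))
    if idp is None:
        return None
    info = idp.inspect(request.get("token", ""))
    if info is None:
        return None  # unknown or revoked token
    if info["app_id"] != OUR_APP_ID:
        return None  # token was issued to a different app
    return info["user_id"]  # client-supplied user_id is ignored


def demo():
    """Constructed scenario: a valid token for one user, a request naming another."""
    fb = IdentityProvider("facebook")
    providers = {"facebook": fb}
    token = fb.issue_token("mallory", OUR_APP_ID)
    request = {"provider": "facebook", "user_id": "alice", "token": token}
    return login_weak(request), login_checked(request, providers)


if __name__ == "__main__":
    weak, checked = demo()
    print("weak backend logs in as:   ", weak)
    print("checked backend logs in as:", checked)
```
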
Conclusion
A safe and secure password is the first and most important step in keeping your online life secure. Steps such as long passwords, two factor authentication and password managers are a very small inconvenience compared to the security boosts they can provide you.
Instagram accidentally reveals plaintext passwords in URLs – Naked Security
by Lisa Vaas
In April, with the GDPR deadline and its requirement for data portability looming, Instagram released the long-anticipated download your data tool. The feature gave users the ability to download images, posts and comments.
Unfortunately, Instagram turned the task of downloading your data into an exercise in exposing people’s passwords in plain text. Thankfully, the bug in the “download your data” tool only affected a handful of users, it said.
As The Information reported last week, Instagram told affected users on Thursday night that if they’d used the “download your data” feature, their passwords may have shown up in plaintext in the URL of their browsers.
It seems that the problem occurred if users hit “enter” after typing their password instead of hitting the “submit” button.
That might not be a big deal to a user at home on an unshared computer, but as Facebook, which owns Instagram, said in the notice to users, it means that anybody who used the tool on a public computer – say, in a library – had their password exposed in the URL: an unfortunate gift to any shoulder surfers who may have been around, or anyone with access to their browser history.
HTTPS would have ensured that the URLs were encrypted in transit, and invisible to anyone snooping on-the-wire, but the biggest concern is what happened when the “download your data” request arrived at its destination, Instagram.
Passwords are closely guarded secrets and URLs are not, and so companies handle them very differently. Passwords are typically transformed into salted hashes before being stored, so that nobody – not even admins – can see them, while URLs are routinely logged in databases or log files precisely so that administrators can see them.
It’s a bit like treating something that’s supposed to be marked “Top Secret” as merely “Restricted”.
The Information quoted an Instagram spokesperson who said that the issue was…
…discovered internally and affected a very small number of people.
Facebook didn’t say whether anybody’s Instagram account was compromised because of the error, and Naked Security has learned that Instagram is indeed in the process of deleting any passwords that may have been incidentally logged by its systems.
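The clean-up described above, sketched as an added example (not Instagram's code and not from the Naked Security article): a scrubber that finds credential-like query parameters in logged request URLs and redacts them. The log lines, the `/download/request` path and the list of parameter names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-parameter names treated as secrets (assumed list; extend for your application).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "pass", "token", "secret"}
REDACTED = "[REDACTED]"

# Request line of a common-log-format entry: "GET /path?x=y HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def redact_url(target):
    """Return (scrubbed_target, names_of_redacted_params) for one request target."""
    parts = urlsplit(target)
    if not parts.query:
        return target, []
    hits, pairs = [], []
    # parse_qsl percent-decodes names, so an encoded "pass%77ord" is still caught.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS and value:
            hits.append(key)
            value = REDACTED
        pairs.append((key, value))
    if not hits:
        return target, []  # leave untouched lines byte-for-byte identical
    query = urlencode(pairs, safe="[]")  # keep the brackets of the marker readable
    return urlunsplit(parts._replace(query=query)), hits


def scrub_log_line(line):
    """Redact secrets in the request target of one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return line, []
    clean, hits = redact_url(match.group("target"))
    if not hits:
        return line, []
    start, end = match.span("target")
    return line[:start] + clean + line[end:], hits


def scrub_log(lines):
    """Return (scrubbed_lines, findings); findings is a list of (line_no, params)."""
    scrubbed, findings = [], []
    for number, line in enumerate(lines, 1):
        clean, hits = scrub_log_line(line)
        scrubbed.append(clean)
        if hits:
            findings.append((number, hits))
    return scrubbed, findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /download/request?user=alice&password=Tr0ub4dor%263 HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Jan/2024:10:01:09 +0000] "POST /download/request HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:02:40 +0000] "GET /search?q=password+reset HTTP/1.1" 200 2201',
]

if __name__ == "__main__":
    scrubbed, findings = scrub_log(SAMPLE_LOG)
    for line in scrubbed:
        print(line)
    print("findings:", findings)
```

The second sample line shows why the same form sent as a POST body leaves nothing in the URL to log; the third shows that a search for the word "password" is not flagged, because only parameter names are matched.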
We’ve already seen bigger, recent problems
Bigger problems, indeed. We don’t know what Facebook/Instagram’s definition of “small” is when it comes to this breach, but we do know that security practices led to a massive breach at Facebook in September, with what would eventually turn out to be around 30 million accounts affected and another 40 million reset as a “precautionary step.”
Attackers exploited a vulnerability in Facebook’s “View As” feature to steal access tokens, which are the keys that allow you to stay logged into Facebook so you don’t need to re-enter your password every time you use the app. At least in the early days following the attack, Facebook said it looked like the hole was opened when developers made a change to the video uploading feature way back in July 2017. The attackers then stole an access token for one account, and then used that account to pivot to others and steal more tokens.
Update 2018-11-21
Since publishing the article Naked Security has learned new information about the incident. We have updated the story to reflect the fact that passwords may have been written and stored in plain text log files, rather than being stored in plain text as a matter of course.
How to recover your Instagram password?
After reading this article, you will learn how to recover your Instagram password using your username, email address, SMS, or Facebook account information.
- How to reset Instagram password using login
- How to reset Instagram password using email address
- How to reset Instagram password using phone number
- How to change your Instagram password using your Facebook account
How to reset Instagram password using login
Step 1: Open Instagram
On an Android device, you can't use your login to ask Instagram to send you the email you need to reset your Instagram password.
Step 2: Click Get Help Signing In. This link is below the blue login button.
Step 3. Enter your login. If you forgot which email address you used to create your account, enter your Instagram username.
Step 4. Click the Send Login Link button. After that, a pop-up window will appear with the first letter of your mailbox registered with Instagram and a confirmation message.
For example: "We sent an email to m*******[email protected] with a link to recover your account."
Step 5. Click the OK button at the bottom of the pop-up window.
Step 6: Check your email. If you do not have access to the email address provided, please use your phone number.
Step 7: Open the email from Instagram. If you don't see the email, look for it in your Spam folder.
Step 8. Click the link to reset your Instagram password. You will then be directed to a page where you can enter a new password for your account.
Step 9. Enter the new password twice.
Step 10. Click the Reset Password button at the bottom of the page. If the entered password values match, you will be taken to the Instagram homepage.
You can now open Instagram and log in with your username and new password.
How to reset Instagram password using email address
Step 1. Open Instagram. If you know your email address, you can reset your Instagram password. To do this, go to the login page of Instagram, click on the blue "Login" link, click on the "Forgot?" link, and enter your email address. You will then receive a link to reset your password.
Step 2. Click on the Get help signing in link below the blue sign in button.
Step 3. Enter your email address. This must be the email address associated with the Instagram account.
If you're using Android, you'll first need to click on "Use a username or email address".
If you remember the email address you used when you signed up for your Instagram account but can't log in, you'll need to use your phone number.
Step 4. Click the "Submit Login Link" button. You will see a banner at the top of the screen notifying you that a confirmation email has been sent.
If you are using Android, click on the "→" arrow located in the upper right corner of the screen.
Step 5. Click the OK button at the bottom of the pop-up window.
Step 6: Check your email. If you do not have access to the specified mailbox, use your phone number.
Step 7. Open the email from Instagram. If you don't see the email, look for it in your Spam folder.
Step 8. Click on the link to reset your password. After that, you will be redirected to a page where you can change the password for your Instagram account.
Step 9. Enter the new password twice.
Step 10. Click the Reset Password button at the bottom of the page. If the entered password values match, you will be redirected to the Instagram home page.
You can now open Instagram and log in with your username and new password.
How to reset Instagram password using phone number
Step 1. Open Instagram.
Step 2. Click on the Get help signing in link below the blue sign in button.
Step 3. Click the Phone tab located on the right side of the screen.
If you are using Android, press the "Send SMS" button.
Step 4. Click the "Submit login link" link. After that, a message with a link will be sent to your mobile.
Press the "→" arrow located in the upper right corner of the screen if you are using an Android device.
Step 5. Open SMS. It must contain a five-digit numeric code. For example: 123-45.
Step 6. Click on the Instagram post. The text will say "Click to return to your Instagram account:" followed by a link.
Step 7. Click on the link. You may need to click on it twice.
Step 8. Click "Open". You'll see this button at the bottom of the "Do you want to open this page on Instagram?" dialog box. After that, you will be taken to your Instagram account.
On Android devices, clicking on the link will take you to the password reset page. Enter your new password twice and click the Reset Password button. After that, you will be taken to your Instagram profile page and log in using your new password.
If you want to change your Instagram password using your iPhone, click the Change Profile button located on your profile page. Then enter your new email address and click the Done button. Click on the settings icon, and then select the "Reset password" option. You will then receive a link to a new email address.
How to change your Instagram password using your Facebook account
Step 1. Open Instagram.
Step 2. Click on the Get help signing in link below the blue sign in button.
Step 3. Click the "Login with Facebook" button at the bottom of the page.
Please note that this method will only work if you have previously linked your Facebook profile to your Instagram account.
Step 4. Click OK. It will appear below the message that you have allowed Instagram to use your profile. After that, you will be taken to your Instagram account.
If you're using Android, click the "Continue as [your name]" button instead of "OK".
Vadim Dvornikov, author-translator
How do hackers crack passwords? The most simple!
Today we will talk about how any passwords are technically cracked.
So the password is not stored in plain text. Most sites use a hashing algorithm for encryption and password management.
Plain text: 12345
MD5 hash: 827ccb0eea8a706c4c34a16891f84e7b
Let's take Facebook as an example. In order to log into your Facebook account, you need to enter your email and password, and then “login”. When you create a new Facebook account, you need to fill out a form with your name, email address, date of birth and gender. Also in this questionnaire, Facebook will ask you to come up with a password.
After you click "register", your data goes to Facebook's back-end database, where your name, gender, email address or phone number are stored in their original form.
What about the password? As I said before, the password is never stored in clear text in the site database. Your password is the source data for the hashing algorithm, at the output of which we receive the password in encrypted form.
The encrypted password may appear to be a collection of random letters and numbers, but it is not. The password hash is stored in the Facebook database. This means that the password you entered will not be stored in the database in the clear, but in encrypted form. The database stores exactly the password hash.
So let's say that Facebook has a data breach and hackers get access to user data, including name, age, gender, email and password.
But despite the fact that hackers will have all this information, they will not be able to enter user accounts, since the password they received is encrypted. If a hacker tries to enter the user's account using the password hash, access to the account will not be opened. For access, you must enter a password in the form of text. So what will the hacker do now?
It is most logical to convert the hash back to text format.
But this is practically impossible, since hashing is a one-way function, and a text password cannot be obtained from a hash. This is how hashing algorithms work. Now what?
And here the complexity of the password comes into play. If you use a simple password such as test123456, a hacker will be able to get your password from the hash without any problems. There are so-called "Rainbow Tables", which contain hashes of the most popular passwords and their textual form.
The only thing left for a hacker to do is to search for a password by hash. If the Rainbow Table has this hash, the hacker will get the text form of the password, and the password will be cracked instantly. But let me remind you: Rainbow tables contain only the most common passwords. Check out crackstation.net.
But what if your password is unique?
In this case, the Rainbow Tables will not be useful to you. Here the so-called brute force method comes to the aid of the hacker. This is a dictionary iteration and a method to enumerate all possible combinations.
The brute force method uses, roughly speaking, a list of words, which is a text document with a huge number of passwords. The hacker writes code that compares the hash of the resulting password with the hash of every password in the file. If the hashes matched, then the password was successfully cracked, and the hacker decrypted the password.
This attack can also be targeted. That is, a hacker can create his own list of words for a particular person if the hacker knows something about the account owner, and the account owner, in turn, relied on this data when creating his password.
The success of this method depends directly on the quality of the wordlist used.
The brute-force method hashes all possible combinations of characters, letters, and numbers, and then compares the resulting hashes with the original hash. In other words, you take a list of all possible passwords, hash it, and check the hashes for a match.
It can take forever to crack a complex password using this method. However, if you have a powerful enough computer, this method can crack a simple password quite easily.
Security experts have proposed the Salting method (literally - "salting" or salt), which complicates the process of password cracking by hackers. According to this method, a certain set of characters is inserted in certain places of the unencrypted password before hashing begins. Each company has its own modifier salt, and the algorithm itself is not subject to public disclosure.
Suppose Facebook inserts the given f&2p character set at the beginning, after the third character, and at the end of the plaintext password.
After adding the modifier salt, the password is hashed.
As a result, using a modifier salt renders Rainbow Tables useless, even with a weak and common password.
The password hash with the modifier salt does not match the hash of the original password. Therefore, the brute force method cannot be called optimal for cracking a password with a modifier salt, unless, of course, the hacker knows the algorithm of this salt used by the company.
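An added example (not code from either article on this page) covering both the hash-attack passage earlier and the salting discussion above: a stored unsalted MD5 matches a precomputed table, while a salted, deliberately slow hash of the same password does not. It uses a random per-user salt kept beside the hash, which is the standard construction and differs from the fixed site-wide modifier described above; the iteration count, record layout, user names and password list are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor; raise it as far as login latency allows


def md5_hex(password):
    """Unsalted fast hash, as in the article's 12345 example (unsuitable for storage)."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return a storable record: algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user; it is not a secret
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, hash_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def build_lookup_table(common_passwords):
    """Precomputed hash -> password map, the idea behind the tables described above."""
    return {md5_hex(p): p for p in common_passwords}


def users_exposed(stored_hashes, table):
    """Audit helper: which accounts have a stored hash that appears in the table."""
    return sorted(user for user, h in stored_hashes.items() if h in table)


# Constructed data: two users chose the same weak password, one chose a random one.
COMMON = ["123456", "12345", "password", "qwerty"]
LEGACY_DB = {
    "alice": md5_hex("12345"),
    "bob": md5_hex("12345"),
    "carol": md5_hex("27fj30dr8&)*LL"),
}

if __name__ == "__main__":
    table = build_lookup_table(COMMON)
    print("unsalted MD5, accounts found in the table:", users_exposed(LEGACY_DB, table))

    # Same weak password, salted storage: records differ and none is in the table.
    salted_db = {user: hash_password("12345") for user in ("alice", "bob")}
    for user, record in salted_db.items():
        print(user, record)
    digests = {user: rec.split("$")[3] for user, rec in salted_db.items()}
    print("salted, accounts found in the table:", users_exposed(digests, table))
    print("login still works:", verify_password("12345", salted_db["alice"]))
```

Salting defeats precomputation and hides which users share a password; it does not make a weak password strong, which is why the work factor and two-factor authentication still matter.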
Therefore, people, make complex passwords, do not forget to like if you liked the article and we will see you very soon, good luck to everyone