Instagram users, we have a bit of a public service announcement for you today: set up two-factor authentication on your account, and change your password if you think it may have been compromised elsewhere.

Account hacks

Over the last couple of weeks, there has been a spate of reports from Instagram users of their accounts being hacked. Each follows a similar pattern, which implies these users login details may have all been obtained from the same source.

The first sign is that users notice they have been logged out of their accounts. When trying to sign in again, they’re told the account no longer exists. In short, it looks like a group of hackers based in Russia are accessing these accounts and then changing the associated username, password, email address, and profile photo. This makes it exceedingly difficult for the original user to reclaim the account. For the full story, check out the original report from Mashable.

Two-factor authentication

This security feature means Instagram will double-check your identity every time you log in. It does this by texting a security code to your registered phone number, and makes it much harder for anybody else to access your account.

To set it up, open Instagram and tap the Me button in the bottom right. Then look for the Settings icon (to the right of the Edit Profile button) and tap it. Scroll down to Two-factor authentication and follow the instructions.

Once configured, there’s an option to screenshot or write down a series of backup codes. These can be used to authenticate login even if you change your phone number or lose your device and can’t receive texts – but keep them safe, because these codes could equally be used to help somebody else get access to your account if they know your email and password!