What can Depot’s Instagram Hack Teach us About Security on Social Media?

*Update: As of 15 March, Depot has managed to get their account back 🙌*

You may have seen a recent post going gangbusters on Instagram, where popular Auckland inner-city oyster bar Depot is running a competition to give away not one, not two, but THREE $1,500 dinner vouchers to some lucky, lucky punters. The competition currently has over 4,000 entries! 😱

Such engagement, so wow, we should all be so lucky.

The only problem? Depot AREN’T running this competition.

Al Brown, the world-famous-in-NZ chef who owns Depot, confirmed to Stuff that their Instagram account was hacked and is currently not under their control at all. To make matters worse, not only had the hackers put the competition up, but they are actively removing any comments and banning accounts trying to warn the scores of users flocking to the competition.

We can’t afford to give away a bread roll at the moment,

Al Brown via Stuff.co.nz

The hack highlights the dangers of undercooked security practices that plague the internet. With the number one most used password on the internet in 2022 being ‘123456’ (seriously people, come ON), it’s only a wonder that things like this don’t happen MORE often.

So what can we learn from Depot’s debacle, and how can we ensure that our brand social profiles are secure? As a social media specialist agency, this is something we’ve thought about, a LOT, and we have a few tips that anyone can take to make their digital presence more secure.

Tip #1: Create strong passwords (No, your mum’s maiden name isn’t good enough).

Consider creating longer passwords, using a combination of upper and lower case letters, numbers, and special characters. If it’s too hard to remember longer passwords, try creating passPHRASES, easy-to-remember sentences that will be much harder for a hacker to guess or to brute force through computer power.

Tip #2: Don’t repeat passwords, passwords1, pa$$word$2…

It’s difficult to remember lots of passwords, we know, but having the same or similar passwords for multiple accounts makes it much easier for bad actors to get access to your entire digital life. If it becomes hard to remember all your passwords, consider using a password management service, there are many free/cheap ones out there.

Tip #3: Use two-factor authentication. Like, everywhere. Right now.

Two-factor authentication (2FA) requires a code generated by a physical device, such as your phone, as a second form of verification. This means that even IF someone gets a hold of your password, they would still need your actual phone to be able to get into your account. It’s the single most effective thing you can do to secure your accounts.

Most, if not all social media platforms have 2FA available in the security settings, and this is even MORE important where brand accounts are concerned. Here at Mosh, we require 2FA not just on every client account we manage, but our Facebook Business Manager accounts, even our actual password management system requires 2FA to get into.

Tip #4: Make sure all your devices ALSO have strong passwords.

Having strong passwords on all your accounts and two-factor authentication is all well and good, but if the devices you use to log into these accounts are stolen and don’t have proper security setups, all your hard work is for naught. Phones, laptops, these should all have strong passwords or passphrases on them.

Tip #4.5: Stop commenting on those phishing posts, nana!

We’ve all seen them: “Your first pet’s name + the street you grew up on = Your Harry Potter Patronus name” or some other daft shit like that. Despite seemingly being a bit of fun, they’re often trying to get you to disclose common passwords or answers to common password recovery questions. Be like Gandalf; keep your secrets. Seriously though, just stop.

These are just a few ways to help strengthen your digital presence in your personal and working life, so set some time aside, and update that password you haven’t changed since you were 16. We see you 👀