Popular actress Jessica Alba’s Instagram account was recently hacked just days after her Twitter account was also hacked.  In both instances, inappropriate postings were made by the hacker which stayed up for hours until the material was removed.  It appears that both hacks were done by the same hacker who in one of his postings  indicated that he was a fan of hers and had no malice towards her.  While these hacks were relatively benign, hacks of your online accounts can lead to serious embarrassment as was the case when actress Jennifer Lawrence and others had accounts hacked resulting in nude photos being stolen and posted throughout the Internet.  Such hackings can also lead to crimes such as identity theft or the unwitting downloading of malware by people who are fooled into thinking they are clicking on links provided by celebrities or their real friends on social media.

While I don’t know precisely how Jessica Alba’s Instagram account and Twitter Account were hacked, generally this is done when a hacker steals or is otherwise able to predict the password of the hacking victim.  Therefore it is always important to have a unique and complex password for each of your online accounts.  This is particularly important because passwords are often compromised in data breaches.  If you use the same password for all of your online accounts, this puts you in great danger of identity theft if your password security is breached in a data breach at one place.  You also should have a strong security question so that if someone merely has your username or email address, they are not in a position to change your password by merely answering a security question, the answer to which may be readily available on line, such as what is your mother’s maiden name.

Finally, it is important to use dual factor authentication whenever possible.  It is most likely that Jessica Alba did not use dual factor authentication for her Instagram and Twitter accounts. If she did, it is extremely unlikely that her accounts would have been able to be hacked.  More and more companies such as Facebook, Twitter, Google, Tumblr, Yahoo, WhatsApp and others are using dual factor authentication  which most commonly works such that when your password is used to access your account, a special code is sent to your smartphone that must be used in order to complete access to the account. This provides dramatically enhances security. Whenever you are able to use dual factor authentication for a particular website, account or app, you should take advantage of this.  Some dual factor authentication protocols do not require it to be used when you are accessing the account from the computer or smartphone that you usually use, but only if the request to access the account comes from a different device.


You should have a unique, strong password for each of your online accounts so that in the event that there is a data breach and the password for one of your accounts becomes compromised, all of your accounts will not become vulnerable to being hacked.  Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

An easy solution to the problem of the answers to knowledge based authentication security questions being too readily available on the Internet is to make the answer to your security question nonsensical. For instance, if your security question is what is your mother’s maiden name, you can pick something ridiculous, such as “firetruck” as the answer. No hacker will ever be able to find the answer to this security question online and it is so silly that you will remember it.

Whenever possible use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.

Here is the link to information about setting up dual factor authentication for your Twitter account. https://help.twitter.com/en/managing-your-account/two-factor-authentication

Here is the link to information about setting up dual factor authentication for your Instagram account. https://help.instagram.com/566810106808145

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”