Celebrity hacks keep hitting Instagram. Here’s how the app could better protect verified users.

On Monday, hackers hijacked Selena Gomez’s Instagram account and leaked nude photos of Justin Bieber. Gomez, the most-followed user on Instagram, wasn’t the only celebrity whose account was compromised recently: Ariana Grande, the second-most-popular Instagram user, was hacked earlier this month. When Nicki Minaj posted a thinking-face emoji in Grande’s comments, hackers told her she was next.

Instagram blamed a bug in the app’s API that allowed hackers to access the users’ phone number and email. In a statement sent to its verified users, Instagram said:

At this point we believe this effort was targeted at high-profile users. We encourage you to be extra vigilant about the security of your account and exercise caution if you encounter any suspicious activity such as unrecognized incoming calls, texts and emails.
To make your account more secure, ensure two-factor authentication is enabled and pick a strong, unique password and keep it safe. Your experience on Instagram is important to us, and we are sorry this happened.

According to Instagram, the glitch has since been fixed. But the question remains, could — and should — the photo-sharing app be doing more to combat these types of attacks?

Here are a few ways Instagram could step up.

1. Fingerprint-protect Instagram posts

On iPhone and Android, third-party apps can use the fingerprint sensor to protect user data. On iOS, for example, software like Evernote, Dropbox and the Chase app can use Touch ID to log into the app or access certain features. Instagram could add the option to require Touch ID before photos or videos can be posted.

2. Why not embrace facial recognition?

Facial recognition has gone mainstream, and face scanning is almost ready for its close-up. Apple is rumored to be featuring sensor-enabled face scanning in the upcoming iPhone line, and if you’ve used its Photos app, you’ll know it’s gotten scarily good at recognizing who’s who in your albums. Facebook has some powerful (and controversial) face-scanning tech as well.

To better protect verified users, the Facebook-owned Instagram could use its parent company’s facial recognition algorithm (which is more accurate than the FBI’s) to recognize faces and prevent rogue posting. If you don’t look like Ariana Grande, you don’t get to post to her account. (Of course, this method isn’t hacker-proof — but it would help.)

3. Make two-step verification mandatory

Instagram added two-step verification back in March, and if you care about your privacy, you should have it turned on. If you have a verified account on the service, you should definitely have it enabled.

Unlike the previous two examples, which prevent strangers from posting to your account, two-step prevents them from logging into your account in the first place. Along with requiring a password, it’ll ask for a random code texted to your phone. It’s not foolproof, but it certainly makes hackers have to work much harder.