Connect with us

Technology

Instagram users are reporting the same bizarre hack

Published

6 years ago

on

Krista, an Instagram user with more than 4,500 followers on her fitness account, noticed something strange on Saturday evening: she had been logged out of her account. 

When she tried to log back in, she got a message that her username didn’t exist. She soon realized her handle and photo had both been changed, as had the email address and phone number associated with her account. She tried to request a password reset, only to see the new email linked to her account was now a .ru email: she had been hacked. 

Megan, an Instagram user with about 2,000 followers, has a similar story. She woke up Monday morning to a logged out Instagram account. Her user name and profile image had changed, as had the password, email address, and Facebook account linked to her Instagram.

Like half a dozen other hacking victims who spoke with Mashable, her profile photo had been changed, as had all the contact information linked to the account, which was now linked to an email with a .ru Russian domain. 

Many of these users have been desperately tweeting at Instagram’s Twitter account for help

Megan and Krista’s experiences are not isolated cases. They are two of hundreds of Instagram users who have reported similar attacks since the beginning of the month. On Twitter, there have been more than 100 of these types of anecdotal reports in the last 24 hours alone. According to data from analytics platform Talkwalker, there have been more than 5,000 tweets from 899 accounts mentioning Instagram hacks just in the last seven days. Many of these users have been desperately tweeting at Instagram’s Twitter account for help. 

Though Instagram, which has more than 1 billion users, says it hasn’t seen an uptick in hacks, a search of Twitter data suggests otherwise. Twitters users have directed approximately 798 tweets to Instagram’s official account with the word “hack” since the beginning of the month, compared with about 40 tweets during the same period in July. 

There are numerous reports of hacks on Reddit, and a Google Trends search shows a spike in searches for “Instagram hacked” on Aug. 8, and again on Aug. 11.

“We work hard to provide the Instagram community with a safe and secure experience,” an Instagram spokesperson said in a statement. “When we become aware of an account that has been compromised, we shut off access to the account and the people who’ve been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts.”

It’s not clear how hackers are gaining access to these accounts, or if it’s the result of a coordinated attack. But Mashable has identified several commonalities among the hacking victims — like a changed handle and profile avatar (often to an animated character from a Disney or Pixar film), deleted bios, and a new .ru email address on the account. In most cases, the Instagram users did not have two-factor authentication enabled at the time of the hack, but it appears even this setting may not be enough to deter hackers. 

Chris Woznicki's account info was changed, along the with the email associated with his account.

Chris Woznicki’s account info was changed, along the with the email associated with his account.

The extra security measure didn’t protect Chris Woznicki, who was using two-factor authentication at the time his account was hacked 10 days ago. Woznicki says Instagram sent him security emails notifying him the email address on his account had been changed (once again, to a .ru address) and 2FA had been disabled. But by the time he saw the messages, it was too late and he had already lost access to his account, which had 660 followers. Others have reported similar occurrences. 

Interestingly, the hackers don’t appear to be posting new photos or removing old posts from their victims’ accounts, as is often the case when a social media account is compromised. But they are changing all of the contact information linked to the account, which makes it exceedingly difficult for its owner to regain access.

A security email sent to Chris Woznicki, he saw it too late to lock down his Instagram account.

A security email sent to Chris Woznicki, he saw it too late to lock down his Instagram account.

That’s because Instagram’s own security policies can make it challenging for someone to access an account if they no longer own the email and phone number associated with the account. While that policy is in place for obvious reasons — you don’t want just anyone to be able to request a password reset, for example — it also has the effect of making the account recovery process extremely difficult for people who have had their account credentials changed. 

“When I reported it, they sent an automated email which told me to log in and change the password,” says Woznicki. “However at this point it was impossible to do that.”

Instagram say it has a process in place to address these types of cases, but many users have found it lacking. Because the company relies on a largely automated account recovery process, it can be time consuming, and leave users feeling like they are moving in circles without anyone actually addressing their situation.

“The maze that Instagram sends you on to get your account back is laughable”

“The maze that Instagram sends you on to get your account back is laughable and leads to broken/dead links and emails from robots which lead nowhere,” says Abagail Nowak, whose Instagram was also hacked.

Nowak, who works closely with Facebook as part of her day job as a social media manager, has not been able to access her account for five days, despite several attempts to contact Instagram, she said. Her account is now linked to an email address with a Russian domain. 

For others, regaining access to their Instagram accounts is more than just a personal matter. Krista, the fitness influencer, is worried losing her account could compromise her relationship with several sponsors. “If I am unable to get my account back it’s going to affect the sponsorships I have,” she says.

Some Instagram users have been able to successfully navigate Instagram’s remediation process. One user said her account access was restored after being contacted by Mashable, but described the process as “extremely stressful.” 

Instagram hacks are not a new occurrence. With more than 1 billion users, the service has become a major target for hackers of all stripes. But it’s not clear if the company’s policies for dealing with these cases have scaled with the rest of the service. Instagram declined to share specifics on how long its remediation process typically takes, but if the volume of angry tweets is any indication, it’s not addressing these reports quickly enough.

Many users, like Woznicki, have resorted to creating brand new accounts while they wait out a response from Instagram. “I have no hope from Instagram for any real help,” he says.

Has your Instagram account been hacked in this way? Email the author at karissa [at] mashable.com.

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f86337%2f38936fef ad40 4e92 a63a 0c92bd782d13

!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}

Related Topics:
Continue Reading
Advertisement Find your dream job

Trending