A large volume of Instagram users have been hacked in recent weeks, with many of the attacks taking the same approach.
Instagram users have been discussing a mysterious hack on other social media channels over the past few weeks. According to numerous posts on Reddit, Twitter and other platforms, the attacks are similar across the user base.
Mashable reported that users find themselves logged out of their accounts and when they try to log back in, they receive a message stating that their user handle does not exist. Tweets describing this particular hack have been circulating since July.
Instagram lockdown
The hackers are changing users’ profile photos, as well as the email addresses, passwords and Facebook profiles linked to the hacked accounts. Many users said their contact email was replaced with a Russian domain (.ru) email address. This does not mean the attack is originating from Russia and it would be pure speculation to say so.
Worryingly, some users found their two-factor authentication had been switched off.
Earlier in the week, Instagram stated: “When we become aware of an account that has been compromised, we shut off access to the account, and the people who’ve been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts.”
No demand so far
The hackers have not made any particular demands so far, but close to 900 accounts have reported the same experience. Users are frustrated at the lengthy process they must undertake to try and get their accounts restored. Instagram’s automated help form is the source of many complaints, as users would prefer to be able to contact someone directly.
Instagram said: “We have dedicated teams helping people to secure their accounts. If you have reached out to us about your account, you will hear back from our team soon.”
The platform also directed users to its security tips page, where it lays out useful advice for those who want to reinforce protections on their account. Advice includes using two-factor authentication and changing your password on a regular basis. The latter is important, particularly if Instagram has contacted you directly about potential theft of credentials.
Instagram on a mobile device. Image: Nopparat Kokthong/Shutterstock