In an extensive hacking campaign, hundreds of users are reporting that their Instagram accounts have been attacked. Aside from losing access to their own personal Instagram account, their profile images, phone numbers, email addresses and bio info have been changed as well. These hackers are deliberately taking down people’s Instagram accounts, but exactly why and what they’re doing with them is not exactly clear.
Several users have been reporting some rather strange account activities since the beginning of August. Users are getting ‘logged out’ of their accounts, and if they attempt to log back in, it shows that their username no longer exist. They’ve also found that their profile, including their personal info – phone numbers and addresses have been changed. Many of the users who are affected even saw their profile pictures set to a Pixar or Disney movie character with the new email addresses changed to a Russian .ru email address. This prevents any of the affected users from changing or recovering their accounts since the hackers technically have full control over their data.
Angry users turned to Twitter and Reddit to express their dismay and frustrations over Instagram’s services and lack of immediate action. It is unclear how the hackers are targeting the accounts and how widespread the attack is. According to Mashable, Instagram released in a statement that it has protocols in place for all users that had their account hacked. Instagram immediately shuts off all access to the hacked accounts and provides the legitimate owners a chance to reset their password and ultimately regain their accounts.
Instagram is entirely dependent on text messaging for their security. Their 2FA (two-factor authentication) is believed to be a lot less secure than other app-based 2FA methods. However, the company said in a statement that it is currently working on huge improvements for their 2FA settings.
Instagram added, “We have dedicated teams helping people to secure their accounts. If you have reached out to us about your account, you will hear back from our team soon.”
In a statement the company wrote and sent to users after the attack, “If you received an email from us notifying you of a change in your email address, and you did not initiate this change, please click the link marked ‘revert this change’ in the email, and then change your password. We advise you pick a strong password.”
Instagram recommends these safety procedures to protect other users from such attacks:
- Use a strong password—at least six numbers, letters, and symbols—different from those used elsewhere on the web.
- Revoke access to suspicious third-party applications.
- Activate two-factor authentication (2FA).
Several Information Security experts are now speculating that the attacks might just be a test run and could just be a start of something bigger for the hackers.