The social media giant Facebook was hacked a few days ago after hackers exploited a vulnerability in its “View As” feature. As a result, 90 million users were affected but now, in another hacking spree hackers are targeting high-profile Instagram accounts and holding them for ransom – In some cases, hackers have gone one step further by permanently deleting the targeted Instagram accounts.
According to Motherboard, so far a number of Instagram influencers have become a victim of growing hacking spree including Kevin Kreider, an LA-based health and fitness Instagrammer with over 100,000 followers who lost his account to hackers after falling for a phishing scam that claimed to offer a sponsorship deal with French Connection. At the time of publishing this article, Kevin’s account was restored by Instagram.
Cassie Gallegos, another victim of Instagram hacking spree who published lifestyle content wrote in her blog that she had over 57,000 followers on her account before she lost its control to hackers. She then received a Tutanota.com-based email from hackers demanding ransom in Bitcoin however after a brief discussion, Cassie ended up paying $122 ransom. Despite the payment, the hackers did not return her account neither was there any positive response from Instagram.
“I got them down to a measly $122 for my account (which I reluctantly and stupidly paid via Bitcoin, they would not accept venmo or PayPal or any other payment that could be tracked). THEN THEY STOPPED RESPONDING ENTIRELY,” wrote Cassie.
Anna Wood, another lifestyle-related Instagrammer with 44,000 followers revealed how her account was hacked and held for ransom by hackers. In her case, the phishing email came from a ProtonMail.com-based email address. Anna’s account has now been restored however she claims Instagram did not respond to her directly and it could be that outrage from her fans may have persuaded Instagram to restore her account.
There are several other victims who have confirmed to Motherboard that they received a real looking email supposedly from Instagram in which they were asked to click on a Bit.ly’s short URL link to sign up for a deal by signing in to their account, however, the short URL redirected users onto a fake Instagram page and sent their login credentials to hackers.
This type of phishing attack is a common method used by hackers to steal login data of unsuspected users. Moreover, attackers can buy ready-made phishing pages of websites like Instagram, Facebook, Apple, PayPal, and Netflix on the dark web for just $2.
This is not the first time that Instagram users have fallen victim to such attacks. Last year, data of top celebrities on Instagram was stolen and traded on underground markets. In August of this year, according to a data analysis firm Talkwalker, there were over 5,000 tweets posted from 899 user accounts that mentioned Instagram hacks in just one week. A majority of these users were tweeting aggressively to seek help from Instagram’s Twitter account.
Instagram addressed the issue in a blog post and urged users to enable two-factor authentication on their account.
“Our current two-factor authentication allows people to secure their account via text, and we’re working on additional two-factor functionality with more to share soon,” said Instagram.
Here are some things you can do to help keep your account safe:
- Pick a strong password. It should be different from other passwords you use elsewhere on the internet.
- Change your password regularly.
- Never give your password to someone you don’t know and trust.
- Turn on two-factor authentication for additional account security.
- Make sure your email account is secure.
- Log out of Instagram when you use a computer or phone you share with other people.
- Don’t check the “Remember Me” box when logging in from a public computer
- Think before you authorize any third-party app.