Scam of the Week – Hackers Take Control of Instagram Accounts

August 16, 2018 4:36 pm Geraldine Strawbridge

Instagram users have flocked to social media to report that their accounts have been hacked in a mysterious cyber-attack.

Users are finding that they’re suddenly logged out of their accounts and as soon as they try and log back in, they discover that their profile image, handle, contact information and bios have all been changed.

In each of the hacked accounts, the profile picture has been replaced with a Disney or Pixar image and the email address connected to the account has been changed to one with a .ru Russian domain.

The majority of affected accounts did not have two-factor authentication enabled, however, there appears to be a number of accounts where the hackers have been able to by-pass this additional security measure.

It’s unclear how the hackers have been able to gain access to accounts or if it’s part of a larger coordinated attack. Oddly, older posts on the compromised accounts have been left untouched and no new posts appear to have been added. This has led some security researchers to speculate that those behind the attack are trying to build a large botnet.

Instagram had initially suggested that they had not seen an upsurge in hacking attempts, although a report conducted by Mashable found that Twitters users had sent 798 tweets to Instagram’s official account with the word “hack” since the start of August, compared with just 40 tweets during the same period in July.

Image: Images that have replaced hacked account profile photos

Source: BBC News

Instagram has since released a statement suggesting the cyber-attack is more widespread than initially thought: “We are investigating claims of some hacked Instagram accounts and will take the necessary steps to help those impacted.

“We work hard to provide the Instagram community with a safe and secure experience. When we become aware of an account that has been compromised, we shut off access to the account and the people who’ve been affected are put through a remediation process, so they can reset their password and take other necessary steps to secure their accounts.”

In light of the recent cyber-attack, there are a range of security measures that Instagram users can take to improve the security of their accounts, these include:

  • Choose a strong password: A strong password should be between 8-15 characters long, a mix of uppercase and lowercase letters and include numbers or symbols.
  • Update passwords regularly: If you use the same password year after year it greatly increases the chance of your accounts being hacked. Rather than change your full password each month, you can change characters, numbers, add symbols, or reverse the use of uppercase or lowercase letters.
  • Use different passwords for different accounts: If hackers can work out just one of your passwords, whether it’s for an Instagram account or online banking, they can potentially access every single account you have. It’s always best to use different passwords for separate accounts for enhanced security.
  • Two Factor Authentication (2FA): 2FA offers an extra layer of defence in protecting the security of your accounts. There are a range of two-factor authentication sites available that can be used for this process.

Cyber-attacks now pose a greater and more complex threat to businesses than they did several years ago. The MetaCompliance product range directly addresses the specific challenges that arise from cyber threats and helps organisations stay cyber secure and compliant. Get in touch for further information on how we can help protect your business.