Multiple Instagram users have been locked out of their accounts and say they are unable to regain access.
According to the victims, once criminals have hijacked an account, they change the account’s nickname, profile picture, email, and phone number, making it almost impossible to restore access.
“We are aware that some people are having difficulty accessing their Instagram accounts,” said the company. “As we investigate this issue, we wanted to share the below guidance to help keep your account secure.”
- If you received an email from us notifying you of a change in your email address, and you did not initiate this change – please click the link marked ‘revert this change’ in the email, and then change your password.
- We advise you pick a strong password. Use a combination of at least six numbers, letters and punctuation marks (like ! and &). It should be different from other passwords you use elsewhere on the internet.
- You can also use the steps outlined on this page to restore your account. Please use a new, secure email address to restore your account.
- Finally, revoke access to any suspicious third-party apps and turn on two-factor authentication for additional security. Our current two-factor authentication allows people to secure their account via text, and we’re working on additional two-factor functionality with more to share soon.
The vulnerability that hackers are looking for
In a commentary released to the press, Nadezhda Demidova, security researcher at Kaspersky Lab, said that “so far, there is no valid data on exactly how criminals are gaining access to people’s Instagram profiles, but the most common method for this sort of attack is via phishing.”
Interestingly, at the end of July, a couple of weeks before the hacking wave, Kaspersky Lab witnessed a spike in this attack vector: on 31 July, the number of phishing attacks skyrocketed from around 150 per day to almost 600.
“In many instances, Instagram users themselves are the vulnerability that hackers are looking for: they give out their credentials by entering them into phishing websites, uncertified apps, and replicas of authentic pages.
“Due to its popularity, Instagram has always attracted a high amount of fraud — the number of people using the platform is now more than a billion. Once a criminal has hacked into a user’s account, they can access that user’s personal data and their correspondence. And the user’s profile can be turned into a source of malicious content, phishing, and spam,” says Demidova.
To stay safe, users are advised to take the following steps:
- Do not click on suspicious links
- Check the address of the page where you plan to enter your personal information
- Use only the official social networking app installed from a trusted source
- Do not share your account login information with third-party apps