Karissa Bell* reports that Instagram is struggling to cope with a spate of attacks on users’ accounts.
Krista, an Instagram user with more than 4,500 followers on her fitness account, noticed something strange.
She had been logged out of her account.
When she tried to log back in, she got a message that her username didn’t exist.
She soon realised her handle and photo had both been changed, as had the email address and phone number associated with her account.
She tried to request a password reset, only to see the new email linked to her account was now a .ru email.
She had been hacked.
Megan, an Instagram user with about 2,000 followers, has a similar story.
She woke up one morning to a logged out Instagram account.
Her user name and profile image had changed, as had the password, email address, and Facebook account linked to her Instagram.
Like half a dozen other hacking victims who spoke with Mashable, her profile photo had been changed, as had all the contact information linked to the account.
The account was now linked to an email with a .ru Russian domain.
Megan and Krista are two of hundreds of Instagram users who have reported similar attacks.
According to data from analytics platform, Talkwalker there have been more than 5,000 tweets from 899 accounts mentioning Instagram hacks in just seven days.
Many of these users have been desperately tweeting at Instagram’s Twitter account for help.
Though Instagram, which has more than a billion users, says it hasn’t seen an increase in hacks, a search of Twitter data suggests otherwise.
Twitters users have directed approximately 798 tweets to Instagram’s official account with the word “hack” since the beginning of August.
“We work hard to provide the Instagram community with a safe and secure experience,” an Instagram spokesperson said.
“When we become aware of an account that has been compromised, we shut off access to the account and the people who’ve been affected are put through a remediation process.”
Mashable has identified several commonalities among the hacking victims — like a changed handle and profile avatar (often to an animated character from a Disney or Pixar film).
Biographies are deleted and a new .ru email address is on the account.
In most cases, the Instagram users did not have two-factor authentication enabled at the time of the hack, but it appears even this setting may not be enough to deter hackers.
The extra security measure didn’t protect Chris Woznicki, who was using two-factor authentication at the time his account was hacked 10 days ago.
Interestingly, the hackers don’t appear to be posting new photos or removing old posts from their victims’ accounts.
They are changing all of the contact information linked to the account, which makes it exceedingly difficult for its owner to regain access.
That’s because Instagram’s own security policies can make it challenging for someone to access an account if they no longer own the email and phone number associated with the account.
That policy is in place for obvious reasons — you don’t want just anyone to be able to request a password reset, for example.
However, it also has the effect of making the account recovery process extremely difficult.
Instagram says it has a process in place to address these types of cases, but many users have found it lacking.
Because the company relies on a largely automated account recovery process, it can be time consuming, and leave users feeling like they are moving in circles.
For others, regaining access to their Instagram accounts is more than just a personal matter.
Krista, the fitness influencer, is worried losing her account could compromise her relationship with several sponsors.
Some Instagram users have been able to successfully navigate Instagram’s remediation process.
One user said her account access was restored after being contacted by Mashable, but described the process as “extremely stressful”.
Instagram hacks are not a new occurrence.
The service has become a major target for hackers of all stripes.
It’s not clear if the company’s policies for dealing with these cases have scaled with the rest of the service.
Instagram declined to share specifics on how long its remediation process typically takes, but if the volume of angry tweets is any indication, it’s not addressing these reports quickly enough.
* Karissa Bell is a Senior Tech Reporter at Mashable. She tweets @karissabe
This article first appeared at mashable.com
