When tech magazine founder Bashir Osman’s Instagram account was breached, he decided to hack the attacker. He sent a password reset phishing email to encourage his attacker to click a link and enter their new credentials. And it worked. Within 15 minutes, Osman had recovered his Instagram account and locked the attacker out. “It was one hell of an experience, and it shows even people in the industry can fall short of best practices,” he says.
It was a mistake anyone could have made. Osman’s Instagram business profile had been set up in 2014 and he didn’t renew the domain name and email address associated with his account when they ran out. He regularly logged in with his username and didn’t get around to setting up two-factor authentication.
The attackers were organised, taking advantage of the fact Osman no longer had access to the domain name and email address linked to his Instagram account. “I opened up GoDaddy to try and buy the domain name again, and to my surprise it had been purchased less than an hour before I got logged out. I realised someone had bought the domain, re-created the email account I had publicly visible on my Instagram, and used a simple password reset via email to kick me out.”
Instagram hacks like this can be devastating, especially for the businesses and influencers who rely on the social network for revenue. “When your account is taken over, there is no going back – most content creators have to start again and it can take years to build up,” says Lotanna Ezeike, founder and CEO of XPO, a fintech platform for social media influencers.
Making things worse, contacting Instagram, which is owned by tech giant Facebook, can be difficult and complicated after you’ve been breached. But it goes without saying that if your Instagram is hacked, don’t post about it on social media or try to hack it back. You’ll only attract bots and scammers, which will ultimately make the problem worse.
Here’s what to do if your Instagram account is hacked, and how to prevent being breached in the first place.
Why hackers target Instagram accounts
A billion people use Instagram every month, and those with large follower counts are at greater risk of being targeted. Once they have taken control of your account, attackers will often use it to sell scam products, or distribute malware and steal credentials via phishing pages.
“The most targeted accounts include those that generate a lot of income from brand partnerships, as this is the quickest way for a hacker to benefit,” says @andreacdasilva_, an Instagram influencer. These include Instagram profiles with a large following and verified accounts as well as micro-influencers with a high engagement rate.
Malicious actors often look to compromise influencers by posing as technical support accounts, as one scam revealed by security researchers at Trend Micro shows. In order to lure their victims, criminals claim the account owner has committed a copyright violation, or in some cases adversaries will simply offer to provide a verified badge.
Criminal hackers will then encourage people to enter information via a link that leads to a phishing site. When someone enters their password, criminals can take over their Instagram account, sometimes holding it to ransom in exchange for a Bitcoin payment.
How to tell your Instagram account has been hacked
The first sign your Instagram has been hacked is often strange activity such as spam appearing on your feed, or suspicious links sent to your followers via your DMs. “If you’re lucky, you will receive an email from Instagram reporting suspicious activity on your account,” says Drew Benvie, CEO of communications agency Battenhall.
If at this stage you can still access your Instagram, it’s important to act quickly. “If hackers haven’t changed your password and you still have access, get in and change it ASAP to something complex and unique,” says David Emm, principal security researcher at cybersecurity company Kaspersky.
If someone has breached your account and changed details such as your email address and phone number, you will need to work through the prescribed method via the Instagram Help Page. Here you will be asked to answer a few questions, such as what alerted you to the compromise, and Instagram will offer to send a login link or code to your email or phone – which of course will not work if hackers have changed the contact details associated with your account. You can also request support from Instagram via the app on your iPhone or Google Android device.