Hundreds of Instagram users are reporting that their accounts have been hacked, locking out their owners, with a number of the incidents pointing to a possible Russian link …
Mashable says that although Instagram hasn’t acknowledged an issue, there is evidence to suggest that there has been a significant increase in hacked accounts this month.
Though Instagram, which has more than 1 billion users, says it hasn’t seen an uptick in hacks, a search of Twitter data suggests otherwise. Twitters users have directed approximately 798 tweets to Instagram’s official account with the word “hack” since the beginning of the month, compared with about 40 tweets during the same period in July.
There are numerous reports of hacks on Reddit, and a Google Trends search shows a spike in searches for “Instagram hacked” on Aug. 8, and again on Aug. 11.
Those affected report that their account details have been changed, including email address and phone number, making it all but impossible to recover the account.
In a number of cases tracked down by Mashable’s Karissa Bell, the new email address was a Russian domain.
Mashable has identified several commonalities among the hacking victims — like a changed handle and profile avatar (often to an animated character from a Disney or Pixar film), deleted bios, and a new .ru email address on the account.
Most victims weren’t using two-factor authentication – a lesson they have now learned the hard way – but at least one was. It’s becoming increasingly comment for SMS intercepts to be used to bypass 2FA, which is why the US government considers it too insecure a channel for 2FA codes.
Many are complaining that Instagram’s recovery process is too tortuous, and are creating new accounts, even though it means losing hundreds or thousands of followers.