Hackers are finding ways into Instagram accounts and changing emails to addresses with Russian domain names. A report by Mashable suggests hundreds of Instagram users could be victims of an odd hack. The report shows half a dozen users with a similar hack and hundreds of related complaints on Twitter.
The hacks are unusual because none of the cases seem to have actually shared new images or deleted old ones, the report says. Instead, users find themselves locked out because the password, phone number, and email address were all changed. The email addresses in several cases were changed to emails with a .ru at the end, a domain used in Russia. In many cases, profile pictures were swapped to a Disney or Pixar character and the bio information was deleted.
The type of hack presents problems for users since the easiest way to regain access to an account is through the email associated with that account. With the email changed, re-gaining access is a more difficult process.
The report doesn’t suggest who is behind the hacks — or if it is even one group or many. Most hacked accounts didn’t have two-factor authentication set up, though at least one did, suggesting setting up the additional security is helpful but not impenetrable. Instagram’s help page says that users that had an email changed because of a hack can use both the original username and email on the “Get Help Logging In” page.
Instagram says that, once it is aware of a hacked account, access is shut off and the network starts a remediation process. Hacks on Instagram aren’t unheard of but the social network also says that it hasn’t seen a jump in the number of hacked accounts.
Mashable suggests the hacks have been happening since the start of August, noting a spike in Google searches and tweets about Instagram hacks, along with Reddit forums with users trying to find a way back into the accounts.
Instagram’s security page recommends users regularly change passwords, using passwords that mix letters, numbers and punctuation marks and that aren’t identical to the other passwords that you use. The network also encourages users to be cautious with third-party app authorizations. Instagram also warns users to keep email account information secure because email access could allow for access to an Instagram account as well.
- Twitter now lets you put GIFs, images, and videos in one tweet
- Facebook’s new controls offer more customization of your Feed
- New phishing method looks just like the real thing, but it steals your passwords
- Get ready: there could be more ads in Instagram’s future
- The Google Home app finally has the big redesign you’ve been waiting for