loader gif

​Hundreds of Instagram users locked out of accounts, recovery emails changed to .ru addresses

​Hundreds of Instagram users locked out of accounts, recovery emails changed to .ru addresses
  • Affected Instagram users reported they were unexpectedly logged out of their accounts and their personal details were altered.
  • Many reported that their associated email address was changed to one with a Russian domain.

Hundreds of Instagram users reported experiencing that their accounts have been hijacked and personal details altered. Starting earlier this month, an increasing number of users reported that they were unexpectedly logged out of their accounts and their handles, avatars and bio details have been tweaked.

Upon attempting to reset their passwords, many discovered that the email address linked to their account was changed to one with a .ru domain.

However, affected users reported that there were no new posts created or older photos deleted from their hijacked accounts. In some cases, users’ profile photos were replaced with film stills from Disney or Pixar movies, BBC reported.

Hundreds of irate user reports

Many victims took to social media to voice their concerns and vented their frustration over account-recovery process being largely unsuccessful.

Data analytics firm Talkwalker reported 899 accounts referenced Instagram hacks in the last week, Mashable reported.

“My account was hacked! Everything was reset so I can't reset the password. It might have been disabled. Received an email to reset password but it goes to an error page. Cmon Instagram! Don't leave us hanging like that! I want my account back!” one user posted to Instagram's Twitter account.

Is a spam botnet being built?

However, the mass hijacking did prompt concerns of the preparators likely building a botnet.

“Although no one seems to know for sure, I assume the hacked accounts were intended to be used as spambots,” Paul Bischoff, a privacy advocate at Comparitech.com told Threatpost. “Even if some victims regain control of their accounts, many of those affected have likely quit the platform or just won’t go through the trouble, adding soldiers to the spambot army.”

Rise in SIM hacking

Some Instagram users reported their accounts were hijacked despite having two-factor authentication enabled.

This could be due to the growing new form of online theft - SIM hacking - that involves hackers illegally gaining access to a user’s phone number by tricking a telecom customer service agent into reassigning a phone number to a new SIM card. The attackers can then use the phone number and typical account recovery and SMS-based 2FA processes to reset Instagram, Twitter, Amazon or other accounts. This method could also be leveraged to hijack authentication codes for banking transactions as well.

Russian link

Although the hijacked accounts were linked to Russian email addresses, some experts speculate that this could indicate the perpetrators are linked to the country or could just be a red herring.

“Having a hacked account associated with a Russian email address may well signify that the attacker is a resident of that country, but it certainly not a foregone conclusion,” Comparitech security researcher Lee Munson said. Email addresses are easily spoofed, either to conceal identity or to encourage finger-pointing toward the wrong place.”

Instagram said it is “aware that some people are having difficulty accessing their Instagram accounts” and is currently investigating the issue. The social media firm did not specify how many accounts have been affected or offer any details on the cause of these attacks.

The company has urged users to review their security settings and enable 2FA on their accounts.

The incident also happens to come after the firm confirmed in July that it is building a stronger 2FA that will not utilize users’ phone numbers.

"We’re working on additional two-factor functionality with more to share soon," the company said.

loader gif