Instagram Hit By Widespread Hack And Users Locked Out

A widespread hacking campaign that hit Instagram has affected hundreds of users, locking them out of their accounts. First spotted by Mashable, the hacking campaign seems to stem from Russia and affects a steadily increasing number of Instagram users, who are taking to the social media and reporting this hack, reportedly a “mysterious” kind of hack, on Twitter and Reddit. They have reported being locked out of their accounts with their email addresses changed, to .ru domains.

As per reports, the victims have also stated that their Instagram account names, their profile pictures, passwords, the email addresses associated with their Instagram accounts and sometimes even with their Facebook accounts etc are being changed as a result of this hack. Some of the victims reportedly revealed that their profile pictures are replaced with pictures from popular films, like Pirates of the Caribbean, Despicable Me 3 etc.

The use of the .ru email domains seems to suggest the involvement of some Russian hacking group, but that cannot be said for certain. The Hacker News reports- “Although it is still unknown who is behind the widespread hack of Instagram accounts, the use of the email addresses originating from Russian email provider mail.ru may indicate a Russian hacker or hacking group is behind the attack, or perhaps hackers pretending to be from Russia.”

The report further says-“First spotted by Mashable, the hack even affected Instagram users with two-factor authentication (2FA) enabled, as at least one user told Mashable that he was using 2FA, but it did nothing to stop his account from being hacked. However, it is currently unconfirmed.”

Instagram published a blog post which clarifies that the company is investigating the issue. The blog post says- “We are aware that some people are having difficulty accessing their Instagram accounts. “

The post then elaborates on what all needs to be done to keep accounts secure. Users who receive an email from Instagram notifying them of a change in email address should click the link marked ‘revert this change’ in that email if they hadn’t initiated a process for email address change. They should then change their password. Instagram advises using a strong password. The blog post says- “We advise you pick a strong password. Use a combination of at least six numbers, letters, and punctuation marks (like ! and &). It should be different from other passwords you use elsewhere on the internet.”

The Instagram blog post also advises users to “… revoke access to any suspicious third-party apps and turn on two-factor authentication for additional security.” The post further says- “Our current two-factor authentication allows people to secure their account via text, and we’re working on additional two-factor functionality with more to share soon.”

Anyhow, since the issue hasn’t yet been resolved and no details are available on how the accounts are hacked, it’s not known whether or not the hackers can bypass two-factor authentication. The motive of the hackers to remains unknown.

The Instagram blog post ends on a reassuring note, saying, “We have dedicated teams helping people to secure their accounts. If you have reached out to us about your account, you will hear back from our team soon.”