Posts: 6,187 +51
Victims are finding themselves logged out of their Instagram accounts, only to discover that their usernames don’t exist anymore when they attempt to log back in. In addition to their handles changing, affected users’ profile image, email address, phone number, and bios have been altered, too.
Strangely, the profile pictures are often changed to either stills from movies or Disney/Pixar animated characters, and the new email accounts originate from the Russian .ru domain. What’s also unusual is that the hackers aren’t deleting or adding any new posts, which often happens to compromised social media accounts.
While the .ru email addresses do suggest the attacks have a Russian origin, a number of countries can register for an account with the service.
One user said that they were using the optional two-factor authentication at the time of the hack, but it didn’t prevent the attacker from gaining access.
According to Mashable, more than 5000 tweets from 899 Twitter accounts have mentioned Instagram hacks in the last seven days, many of them asking Instagram’s Twitter account for help. But the Facebook-owned firm hasn’t been particularly helpful, and many victims are finding the automated reporting process frustrating. "The maze that Instagram sends you on to get your account back is laughable and leads to broken/dead links and emails from robots which lead nowhere," said Abagail Nowak, one of the affected users.
"Frankly, Instagram has been useless in helping me. I have sent at least a dozen emails to Instagram support and the response is always the canned email - we'll get back to you. No call or email ever comes back. I sent emails to all the top executives at Instagram... no response," Cynthia Corzo, who was also hacked, told me. "I sent private messages via Facebook to those top executives... no response."
"I'm truly disappointed with Instagram's lack of assistance. I uninstalled the app and am not sure I'll ever go back."
Instagram says it is now investigating the claims, despite initially denying any increase in hacking reports. If you’ve got an account, enabling two-factor authentication is advised—even though it failed to protect at least one person.