If you’re on Instagram, you may notice that every day seems to bring new follows and likes from accounts that promote adult content. While this sort of thing is prevalent on all social media sites, the problem has become more serious on the photo- and video-sharing app recently, as hackers take over existing accounts rather than creating new ones.
Symantec reports that the last few months have seen a number of legitimate Instagram accounts taken over and used to promote adult ‘dating’ sites and pornographic content. The hacked accounts share the following traits: an altered profile and user name, a female profile picture (even when the original account belonged to a man), a new bio, newly uploaded photos (usually sexually suggestive), and an altered or added profile link. The hackers don’t remove content uploaded by the original account holder.
Most of the new links direct users to sites where they are asked to fill in surveys to meet women “for sex” or to access nude photos. Once they complete the survey, users are redirected to an adult dating website through a link that contains an affiliate identification number. For everyone who signs up through this link, the affiliate hacker earns money.
Symantec notes that, for some reason, these pages only appear on mobile browsers. Visiting the URLs on a desktop or laptop brings up a random Facebook user’s profile instead.
It’s thought that the hackers use the login credentials found in massive leaks, such as those from the LinkedIn and Tumblr breaches, to gain access to the Instagram accounts, thanks to the practice of reusing the same credentials on multiple sites. The hijacking of Mark Zuckerberg’s Twitter and Pinterest accounts was said to have come from the LinkedIn leak, where it was discovered the CEO used the password “dadada.”
“While we do not know how these accounts were compromised, we suspect that weak passwords and password reuse are the cause,” Symantec said.
When a person’s Instagram account is hacked, the attackers always change the password. The owners often don’t report the breach and simply create a new profile, leaving their original accounts up and running. Symantec urges all users to activate two-factor authentication and report any hacked accounts to Instagram.