Hundreds of Instagram users are reportedly experiencing an apparently coordinated hack, leaving them with their accounts hijacked and personal information altered – all the while account restoration efforts seem to lead nowhere.
Mashable first reported on Monday about the apparent account-takeover spree that has been under way since the beginning of the month. The mass compromise shares a few commonalities – the affected users are suddenly logged out of their accounts, their bios and personal and contact details are deleted, and their associated email address is changed to one with a .ru domain.
Additional common threads include the fact that the hackers haven’t made new posts or deleted old ones on the hijacked accounts. What they have done in many cases, however, is replace profile photos with Disney- or Pixar-themed film stills, as per a BBC report.
There are even anecdotal reports that, in several cases, the accounts were taken over despite the users having two-factor authentication (2FA) enabled.
The victims have flocked to Instagram’s Twitter feed, asking the photo-sharing service for help. Many of the affected users have vented their frustration at the largely automated post-hack account-recovery process leading nowhere.
The claims have prompted a probe from Instagram, which said on Tuesday that it is “aware that some people are having difficulty accessing their Instagram accounts”.
Last month, the site, which has more than a billion users, said that it would beef up its 2FA settings. The photo-sharing site is set to introduce options beyond SMS-based 2FA, which is generally seen as prone to subverting, although it’s probably better than nothing.
Instagram accounts are no strangers to mass compromises, as a hack from September 2017 that we also wrote about showed. In addition, beyond Instagram’s security tips, be sure to pay attention to our own set of things to remember when using the platform.