According to Mashable, a number of people have reported having their Instagram accounts hacked this month, with many of these hacks appearing to have taken the same approach.
The report noted that users found themselves logged out of their accounts with their handle, profile image, contact info and bios all having been changed. When they tried to reset their passwords they discovered that their recovery email addresses had been set to .ru accounts. Some even had their two-factor authentication turned off by hackers.
Though Instagram, which has more than 1 billion users, says it hasn’t seen an uptick in hacks, a search of Twitter data suggests otherwise. Twitters users have directed approximately 798 tweets to Instagram’s official account with the word “hack” since the beginning of the month, compared with about 40 tweets during the same period in July.
Though Instagram has a section in its help center dedicated to hacked accounts and what to do when faced with one, Mashable’s sources say that it has been less than useful. “The maze that Instagram sends you on to get your account back is laughable and leads to broken/dead links and emails from robots which lead nowhere,” Abagail Nowak, a hack victim, told Mashable. One source said that they were able to restore their account but that doing so was an “extremely stressful” process.
Having a unique code sent to a phone “or leveraging a constantly changing pin code via an app” ensures that a hacker who’s lifted a password “will have difficulty getting into your account,” said Travis Smith, principal security researcher at Tripwire, who suggested using “strong and unique passwords for each account” to “minimize the chance that an attacker will re-use passwords from other breaches on accounts you’ve protected more heavily in the form of two-factor authentication.”