Disclosure: This post may contain affiliate links. This means that at no cost to you, we may earn a small commission for qualifying purchases.
Instagram was hacked, and users are currently caught up in a mysterious hacking epidemic that seems to be linked to Russia.
There’s been a growing number of reports coming from users who are saying that they have been locked out of their accounts and no one seems to know the reason.
A report by Mashable reveals that Twitter users tweeted Instagram’s account with the word hacked 789 times in August and compared to the same period in July when these words appeared 40 times, this is quite a lot.
The article notes a similar jump in hack reports on Reddit.
And search traffic tracker Google Trends highlights some curious jumps in searches for the term “Instagram hacked” on August 7 and 11.
Mashable spoke to half a dozen Instagrammers who were all hacked and had their accounts were linked to Russian email addresses.
Speaking to The Sun, Andy Norton, director of threat intelligence at Lastline, said the following:
“There are many choices for email service providers, and there are quite a few .ru providers. Possibly the attacker is comfortable in the Cyrillic language as list.ru has been used in one example.”
Attackers accessed highly secure accounts
The concerning thing is that hackers have been gaining access to accounts that are technically secure.
Some of these have two-factor authentication which means that you not only need a password to log-on, but you also need a unique code sent over email or text message, too.
This is to prevent hackers who guess your password from getting into your account. Anyway, it seems some of them have found a way to bypass these safeguards.
“Although most of the accounts that have been taken over do not use 2FA, there have been anecdotal reports that some of the accounts were using this security option,” Rob Shapland, Principal Cyber Security Consultant at Falanx Group, told The Sun.
“Although this is an excellent security control and should always be used, it’s not foolproof and can be defeated if someone is either able to take control of the mobile phone number that receives the text message code.”