Multiple Instagram users have been locked out of their accounts and claimed to be unable to re-establish their access.
According to the victims, once criminals have hijacked an account, they are changing the account’s nick-name, profile picture, email, and phone number making it almost impossible to restore access.
Instagram has already published a statement here.
“So far, there is no valid data on exactly how criminals are gaining access to people’s Instagram profiles, but the most common method for this sort of attack is via phishing. During this year alone, Kaspersky Lab products have prevented about 68,000 attempts to visit phishing pages using the Instagram brand.
Interestingly, at the end of July, a couple of weeks before the hacking wave, we witnessed a spike in this attack vector: on 31 July, the number of phishing attacks skyrocketed from around 150 per day to almost 600.
In many instances, Instagram users themselves are the vulnerability that hackers are looking for: they give out their credentials by entering them into phishing websites, uncertified apps, and replicas of authentic pages.
“Due to its popularity, Instagram has always attracted a high amount of fraud — the number of people using the platform is now more than a billion. Once a criminal has hacked into a user’s account, they can access that user’s personal data and their correspondence. And the user’s profile can be turned into a source of malicious content, phishing, and spam,” says Nadezhda Demidova, security researcher at Kaspersky Lab.
To stay safe, users are advised to take the following steps:
- Do not click on suspicious links
- Check the address of the page where you plan to enter your personal information
- Use only the official social networking app installed from a trusted source
- Do not share your account login information with third-party apps