I like to think of myself as being rather geekily inclined. Certainly I’m no stranger to hacks and people doing surreptitious things online. Even so, I managed to become a victim of the latest (and not so greatest) hack that’s being perpetrated on Instagram in the past few months.
In the hack, someone asks for your assistance in ‘getting their account back’, or manages to dupe you into accepting a text message from them, that includes a link. What you’re unaware of (and they usually tell you several times NOT to click on it) is that the link they’re sending you is a password reset of YOUR account, not theirs. While you’re being distracted by their claiming (after you screenshot the link and copy it to them via Instagram) that nothing is yet happening, either they or someone they’re working with are behind the scenes, logging into your account and kicking you out. Instagram almost wholly allows them to do this, because they’re utilizing a security process whereby under normal circumstances you can get back into your account if you somehow locked yourself out by processes that might be completely innocent. Once they’ve gained access, they then change your password, change your email address and then to add insult to injury, enable the two-step verification, making it nearly impossible for you to legitimately regain access to your account.
So, this is what happened to me. It was this past Saturday, I was getting ready for work and not paying attention. Too, I was on my tablet, which doesn’t have email access, and the hackers lucked into a perfect situation. Someone on my followers list (I’m not going to list the account here, as it wasn’t her but they perpetrating the hack) messaged and said innocently enough ‘Can you do me a favor? I’ve been locked out of my main account and need assistance getting back in. Instagram isn’t being helpful.’ Which as we will learn later, is all too often the case. Instagram, being a program under the umbrella of Meta, doesn’t have what one would call a customer service system. They do, but not to you and me. IF I had millions of followers and this happened, they’d be falling all over themselves to assist. Me, with my measly 300+ followers, no such luck.
Getting back to the situation. I should have ignored the message, but it tugged on my heart strings just the right amount (classic damsel in distress issue) and I thought, what could be the harm? [Well I found out just how much harm in the next couple of days.] But, I digress.
So I bit at the apple and went to work, after (stupidly) telling the hacker I was going to be out of touch for 8 hours, since I was going to work. So they had plenty of time to do what they were going to. And they went ahead and did their dirty work.
By lunch time, when I went to check on my IG account, I was logged out. I tried to log back in but my password didn’t work. I didn’t have a lot of time to do anything, so I figured it was a glitch, and I’d fix it when I got home. But that didn’t work either, and it was the weekend, which definitely worked in the favor of the evil doers. After trying many different things, I went to my email program and discovered that my email address on the account had been changed. So I couldn’t get a reset code to work, as I no longer had access in that manner. Going to help service online was frustrating, because the hackers had instituted the two-step verification, thwarting my attempts at getting my account back.
Emailing the new owner of the account would be pointless, they weren’t interested in giving it back, so that avenue wasn’t possible. I did have a Facebook account at one time connected to the IG account, but had long ago discontinued it so they were unable to hack that as well. As I later learned, I might have been able to regain access if I DID still have the two connected, since the FB account had the 2-step verification active, hence there wasn’t a way for the assholes to gain access to that as well.
Back to the issue at hand. Going through IG’s medieval, laughing-stock of a help service wasn’t doing me any good. I went to YouTube and started watching videos of others’ experiences, but after understanding that this type of hack has been going on for many months, and there ARE ways of getting one’s account back, usually they include being able to get Instagram to do basic facial recongition through the use of a video you make and pictures on your account of yourself. Generally people do have pictures of themselves, and that helps.
In my case I used the account for BDSM purposes mainly and having my face on the account wasn’t a big priority. So in essence I screwed myself out of getting the account back there too. I did try to report the account as being fraudulent, in that it was impersonating me, but IG shot that down. The hacker is using the ‘story’ feature to spam the account (and my followers list) so that none of the ‘new’ posts stay on the account. They’re covering all the angles, and being very surreptitious in making sure they stay in control of it. Pissing me off in the process.
I did find a video on YT that said there’s a way of getting the account back, but it’s so involved I’d be hard pressed to be able to do anything about it. Basically I’d have to turn my life upside down in order to be ready when (or if) Instagram would give me the opportunity to get the account re-registered to me. I don’t have large chunks of my day to spend waiting for an email or message to show up. I can’t carry my phone at work, so that negates time that might be THE TIME when IG is allowing me access again. At this point I’m going to use my pet’s account, message my followers outside of the account itself (through a new account that I created) and ask them to either block the account or stop following as the account IS compromised and apparently will remain so.
It would be nice if a multi-billion dollar company like Meta/Facebook could treat ALL of their customers the same, but that’s never been the case, and it never will be. They tout how wonderful it is to have free access to social media, but if there’s ever a problem, they tend to wash their hands of it, unless it’s affecting someone that’s contributing a great deal to their bottom line. Everyone else can pretty much go pound sand.
I’m sorry this happened to me, and to the people that follow me on Instagram. Just managed to lose a little more of my trust and innocence over the last week. Whoever you are, hacker; Fuck you.