Internet

Insta-Hacked

I like to think of myself as being rather geekily inclined.  Certainly I’m no stranger to hacks and people doing surreptitious things online.  Even so, I managed to become a victim of the latest (and not so greatest) hack that’s being perpetrated on Instagram in the past few months.

In the hack, someone asks for your assistance in ‘getting their account back’, or manages to dupe you into accepting a text message from them, that includes a link.  What you’re unaware of (and they usually tell you several times NOT to click on it) is that the link they’re sending you is a password reset of YOUR account, not theirs.  While you’re being distracted by their claiming (after you screenshot the link and copy it to them via Instagram) that nothing is yet happening, either they or someone they’re working with are behind the scenes, logging into your account and kicking you out.  Instagram almost wholly allows them to do this, because they’re utilizing a security process whereby under normal circumstances you can get back into your account if you somehow locked yourself out by processes that might be completely innocent.  Once they’ve gained access, they then change your password, change your email address and then to add insult to injury, enable the two-step verification, making it nearly impossible for you to legitimately regain access to your account.

So, this is what happened to me.  It was this past Saturday, I was getting ready for work and not paying attention.  Too, I was on my tablet, which doesn’t have email access, and the hackers lucked into a perfect situation.  Someone on my followers list (I’m not going to list the account here, as it wasn’t her but they perpetrating the hack) messaged and said innocently enough ‘Can you do me a favor?  I’ve been locked out of my main account and need assistance getting back in.  Instagram isn’t being helpful.’  Which as we will learn later, is all too often the case.  Instagram, being a program under the umbrella of Meta, doesn’t have what one would call a customer service system.  They do, but not to you and me.  IF I had millions of followers and this happened, they’d be falling all over themselves to assist.  Me, with my measly 300+ followers, no such luck.

Getting back to the situation.  I should have ignored the message, but it tugged on my heart strings just the right amount (classic damsel in distress issue) and I thought, what could be the harm?  [Well I found out just how much harm in the next couple of days.]  But, I digress.

So I bit at the apple and went to work, after (stupidly) telling the hacker I was going to be out of touch for 8 hours, since I was going to work.  So they had plenty of time to do what they were going to.  And they went ahead and did their dirty work.

By lunch time, when I went to check on my IG account, I was logged out.  I tried to log back in but my password didn’t work.  I didn’t have a lot of time to do anything, so I figured it was a glitch, and I’d fix it when I got home.  But that didn’t work either, and it was the weekend, which definitely worked in the favor of the evil doers.  After trying many different things, I went to my email program and discovered that my email address on the account had been changed.  So I couldn’t get a reset code to work, as I no longer had access in that manner.  Going to help service online was frustrating, because the hackers had instituted the two-step verification, thwarting my attempts at getting my account back.

Emailing the new owner of the account would be pointless, they weren’t interested in giving it back, so that avenue wasn’t possible.  I did have a Facebook account at one time connected to the IG account, but had long ago discontinued it so they were unable to hack that as well.  As I later learned, I might have been able to regain access if I DID still have the two connected, since the FB account had the 2-step verification active, hence there wasn’t a way for the assholes to gain access to that as well.

Back to the issue at hand.  Going through IG’s medieval, laughing-stock of a help service wasn’t doing me any good.  I went to YouTube and started watching videos of others’ experiences, but after understanding that this type of hack has been going on for many months, and there ARE ways of getting one’s account back, usually they include being able to get Instagram to do basic facial recongition through the use of a video you make and pictures on your account of yourself.  Generally people do have pictures of themselves, and that helps.

In my case I used the account for BDSM purposes mainly and having my face on the account wasn’t a big priority.  So in essence I screwed myself out of getting the account back there too.  I did try to report the account as being fraudulent, in that it was impersonating me, but IG shot that down.  The hacker is using the ‘story’ feature to spam the account (and my followers list) so that none of the ‘new’ posts stay on the account.  They’re covering all the angles, and being very surreptitious in making sure they stay in control of it.  Pissing me off in the process.

I did find a video on YT that said there’s a way of getting the account back, but it’s so involved I’d be hard pressed to be able to do anything about it.  Basically I’d have to turn my life upside down in order to be ready when (or if) Instagram would give me the opportunity to get the account re-registered to me.  I don’t have large chunks of my day to spend waiting for an email or message to show up.  I can’t carry my phone at work, so that negates time that might be THE TIME when IG is allowing me access again.  At this point I’m going to use my pet’s account, message my followers outside of the account itself (through a new account that I created) and ask them to either block the account or stop following as the account IS compromised and apparently will remain so.

It would be nice if a multi-billion dollar company like Meta/Facebook could treat ALL of their customers the same, but that’s never been the case, and it never will be.  They tout how wonderful it is to have free access to social media, but if there’s ever a problem, they tend to wash their hands of it, unless it’s affecting someone that’s contributing a great deal to their bottom line.  Everyone else can pretty much go pound sand.

I’m sorry this happened to me, and to the people that follow me on Instagram.  Just managed to lose a little more of my trust and innocence over the last week.  Whoever you are, hacker;  Fuck you.

 

Tumbling Tumblr

Admittedly I don’t have a huge social media presence, but I am on quite a few platforms all the same.  One of the ones that I use (or have been using) almost daily is Tumblr.  Though I don’t admittedly use it for vanilla purposes, and in the next 10 days it’s going to get sidelined.  You may or may not have heard of this, but the company that owns the platform; Oath, has decided to eliminate ALL adult content on the service.  Which means, if anything that even slightly looks like porn, it gets pushed off the service.  Meaning probably deleted, along with the offending account that posted it in the first place.  As you can imagine, this is causing a great deal of bruhaha with the majority of people who have such material in their accounts.

Fortunately, I’ve dealt with this sort of thing before.  A few years ago, the website Bondage.com went under, simple because it was considered extraneous, to the company that owns AdultFriendFinder.com.  Of course, it wasn’t just the website that was going under, there was an IRC (Internet Relay Chat) server attached to it as well.  And this server had been working for better than 10 years, so you can imagine there was a pretty big community on it.  IRC servers by and large predate the Internet as it’s known today.  It’s a chat service that’s considered very ‘old school’.  It’s all done by text, you must have a bit of computer know-how to get onto one, and since that’s the case, you tend to get a different grade of person that’s connected.  Very few bright eye’d sorts, think more earthy, down-to-earth, the ones’ that have been around a while and seen a lot of things.

When the news came along, there wasn’t too much time to make any sort of plans, the clock was most definitely ticking, much the way it is now with Tumblr.  More than a few enterprising folks took it upon themselves to code up new IRC servers, but without significant outlay of $$, it didn’t take long for most of them to go under.  An IRC server isn’t something you code on a whim, it takes time, hardware and moolah.  Not a lot, but server space isn’t necessarily cheap.  And dedicated bandwidth to run it also costs a good nickel, don’t let anyone fool you.  Tally in the fact that you need more than just yourself to police it, because there are going to be unsavory characters more than happy to glom onto your spanking new IRC server and drown it, just on a whim, or so they said that they did.

Getting back to the topic at hand, I’ve been sort of watching from the sidelines on this one, seeing the posts interspersed with ones giving Oath/Verizon the finger etc. telling people where to go for similar service, how to back up their Tumblr accounts (Tumblr itself is making it difficult for people to archive their stuff) while I did a little searching on the web for a suitable program or manip in order to move my account from web to hard drive.  A couple of days ago, my efforts bore fruit.  I discovered a freeware program that’s been out for a couple of years, it’s kind of a ‘quick and dirty’ program but it gets the job done.  No frills, but then again it’s free so who’s quibbling?  Once I understood how it worked, it took all of about an hour to pull my accounts off of Tumblr for good.  It doesn’t hurt that I have 16 TB (TeraBytes) of hard drive space at my disposal.

I’m really not going to comment on what caused the problem, how it could have been more easily dealt with, instead of Verizon choosing the nuclear option.  I’m just glad I was able to get my things off the web and into a safe spot.  Yes, and make a little rant at the same time.  *Shrug*  I think I’m due.