Hiring Private Hackers Is a New Trend That Instagram Influencers Are Starting
For most of us, social media is a clever way of staying in touch with friends and relatives, seeing what everyone else is up to, and, last but by no means least, sharing videos of sneezing cats. For some people, however, social media is a full-time job.
We're talking about users who spend a lot of time on social networks, and in this particular case, Instagram. Their accounts are followed by thousands of people and are at the center of whole online communities. You probably know what happens when they post a selfie of themselves holding a can of a particular brand of energy drinks. Advertisers certainly do.
For the sake of simplicity, these Instagram users are not called "people who receive money for using a lot of hashtags". Instead, they're known as "influencers", and for many of them, "influencing" others is their only source of income. As you might have guessed, these are the last people that want to see their accounts getting hijacked. Unfortunately, some of them have been through that very experience.
Hijacking an Instagram influencer account – a simple, and (potentially) profitable endeavor
Instagram accounts get compromised every day. Sometimes, the hackers break in because users opt for a simple password, and sometimes, they do it via a credential stuffing attack. In the case of the few influencers that spoke to Motherboard, however, the crooks were on a phishing expedition.
The victims received emails that looked like legitimate business proposals coming from equally legitimate advertisers. The messages contained a link that was supposed to redirect the influencers to the sender's real Instagram account. Instead, however, they were presented with a login form that, as they later found out, was fake.
Armed with the login credentials, the criminals changed the email addresses associated with the accounts as well as the passwords. They later contacted the victims and asked for a ransom of about $300 worth of bitcoins. According to Motherboard, even though some influencers decided to pay the money, their accounts still got wiped out.
Recovering access to your Instagram account isn't as easy as it should be
There is a relatively painless way of resetting an Instagram password, but it only works if the user has access to the account's email address, which meant that the affected influencers couldn't go down that path.
Motherboard did mention that Instagram has a mechanism of regaining access to an account which involves a selfie with a code sent via email. Supposedly, the picture is examined by human moderators who compare it to older photos on the affected account and assess whether the selfie was sent by the owner. According to the victims, however, the system is far from perfect.
They complain that when they started following the steps, they received quite a few computer-generated answers and not much actual help. Because money was at stake, this was a rather big problem for them.
Influencers hire hackers to help them get back into their own accounts
Frustrated, many of the victims appear to have turned to a person going by the name Juan Diego J Pelaez. Pelaez is from Colombia and claims to be "an Instagram expert" who supposedly knows the account recovery mechanism inside out. Before he helps victims get their accounts back, he asks them for their email password, and most of his "customers" apparently felt uncomfortable with this initially. Many of them claim, however, that he helped them get their profiles back. On a couple of occasions, this happened after the bad guys themselves caved in and sent victims their passwords. According to Pelaez, this happened after he "attacked" the crooks' devices.
This brings us over to the age-old dispute of whether "hacking the hackers" is a good idea. There are obvious questions around the legality of such actions, and there is a vast range of opinions on whether it's the right thing to do. That's without even mentioning the fact that in some cases, the goal of such attacks is pure retribution, and not helping a user in need.
There's no argument on one thing: Instagram needs to improve its account recovery mechanisms, and it needs to do it quickly. For what it's worth, a spokesperson for the social network told Motherboard that they are working on this, but we'll have to wait and see what the results will be.