by Christian Duque
To date we have seen countless bodybuilders and influencers lose their Instagram accounts for no apparent reason. No terms of service were violated. There were no warnings of any sort. No one complained and no one was offended. Some have two-party authentication where accounts enjoy extra security. Others have even tighter security controls. None of the affected users have bought followers or given out their passwords. In some rare cases, users have put their contact info in their bios, but they comprise only the exception. So what gives? Why are so many people losing their accounts to would-be hackers?
Is Instagram making any kind of effort to stop these criminals from wreaking havoc on countless account owners? That’s an interesting question in and of itself. We’ve all seen Facebook bigwigs paraded in front of congressional subcommittees and even in front of the U.S. Senate. The fact is very little comes from these appearances. The government grills the tycoons. The tycoons in turn hire powerful legal teams who either assist their clients in evading direct examination or offer up some of the vaguest answers just short of contempt. The fact is it’s all just for the cameras. Nothing comes from these hearings and in the end we’re all left to the mercy of powerful social media platforms’ whims.
As it turns out hackers are given free reign to breach accounts and then offer to sell them back to their victims. They don’t even bother using independent means to contact those affected. They’ll use the IG DM feature to tell an account-holder they’ve been locked out and they can pay to regain what’s theirs. They don’t care about being tracked, much less prosecuted.
Interestingly, these hacker attacks are isolated to Instagram only. To date, I’ve never heard of this happening to someone’s Facebook or WhatsApp. Since all three companies are owned by the same people it stands to reason they’d all share in the latest innovations in cyber security. The reason hackers are targeting IG could also be because it’s the most popular platform of the three. What’s especially troubling is the amount of business folks do on the Gram. While credit card and Paypal information isn’t completely up for grabs there’s enough details stored on these apps to help would-be hackers piece highly confidential information together. That’s because cyber terrorists don’t just stop at IG. They want all your passwords. If they’re able to crack one platform’s password chances are they’ll try for multiple ones. Their goal is money – your money. This is why victims should never enrich their attackers. To quote the great Ronald Reagan, “America doesn’t negotiate with terrorists,” – nor should you!
Imagine losing access to your IG. Then starting a new account and slowly trying to rebuild. Out of nowhere you get a DM from your old account asking you for $100, $150, or more to regain access. Chances are the hackers have figured out a way to gain access to your phone and/or email. When it comes to your phone, they may not actually be in your device, but if they know the number you registered the account with they can cloak it with a dummy number that receives texts and cuts you off at the pass. Let’s say you try to get a new password link – the hackers will have it before or at the same time you do. What’s equally troubling is that pleas to IG usually fall on deaf ears. Even though they’re generating millions of dollars in ad revenue and other paid services, they don’t have anywhere near the number of employees necessary to address pressing issues such as these. I have seen account owners (e.g. contest promoters and company owners) who have directly spent tens of thousands of dollars and have zero means of recourse when their accounts are either compromised or downright stolen. That wouldn’t happen anywhere else so why is it able to happen on a Facebook-owned application?
Just recently, IFBB Pro Tonio Burton lost his IG. He even posted the DM trying to extort him for money. I have seen these types of shakedowns many times before. My good friend Nurse Kim had a similar situation with a hacker that shut down her main page and then tried to shut down her secondary page. When she figured out what her mistake was and corrected it, the hacker never came back. And “her mistake” wasn’t even something major.
When dealing with any app you cannot bank on the fact that the designers and programmers have your security as their top priority because they don’t. In all honesty, their number one goal is to make money and make their platform as convenient as possible. If it’s a question between security and user-friendliness I suspect that many programmers will opt for the latter as opposed to the former.
These apps are intended to be relied upon by the masses. If say 2-4% of users get royally screwed, they’re ok with that as long as 96% are glued to it. I think most people would be in for a huge surprise if they did an audit of their weekly cell usage. And it’s not even the amount of time spent on each, as many apps are running 24/7 and tracking everything in the background. They track where you are, what sites you visit, even how often your phone is active. Whereas cookies have to be accepted or rejected when visiting websites, apps generally ask once and then never again. There’s all sorts of statistical data to be documented and studied. And who’s to say the hackers don’t have access to this as well. Be paranoid. Be very paranoid. It pays!
After all, why are some accounts targeted and others spared? What makes an account low hanging fruit to a cyber extortionist? In many occasions it all starts with shady DM’s and/or nosy users looking to gain info. Social media users should be mindful of a wide range of possible red flags. Never click on links of any kind. Never share contact information. Never import contacts to social media apps – especially not contacts from your phone. Use two-party authentication where any changes must be confirmed with your email and phone. Try to use passwords that include various types of characters, don’t store passwords on your desktop, and also try to change passwords from time to time. Even if you do all of these things your account might still be compromised but at least you’re taking some precautions. No one is immune from the shakedowns but if and until Facebook gets its act together it’s better than nothing. It’s also more than just getting their security tighter, it’s also about prosecuting hackers. While some of these bums might be abroad, some might live just a few houses down from you. Hackers can be anywhere. Always remember that.
You have got to take precautions and this is not to say that victims didn’t. Just be careful. Also, don’t feel obligated to open messages that IG flags or requires you to consent before opening. One extreme option that works for many is making your IG private. This is highly effective for security purposes but very counterproductive if you’re working with a company or looking to expand your audience. In the end each person has to come up with their own game plan. Till then, I wish you all luck and really truly hope IG cracks down on the hackers and extortionists!