Can you imagine logging into Instagram and finding all of your photos deleted?
Until recently, a hacked Instagram account sounded like a nightmare only celebrities with 7-digit follower counts needed to fear. Then, in late August of 2017, a bug in Instagram’s API briefly allowed hackers to access user emails and phone numbers from the app.
According to the Daily Beast, hackers are claiming to have obtained information from as many as 6 million users and database of hacked user data has been created. Dubbed Doxagram, it can be searched for a $10 fee, and contains contact info for a variety of high-profile Instagram users.
"Instagram clearly hasn’t yet understood the full impact of this bug,” one of the people behind Doxagram told the Daily Beast. On September 1, Instagram CTO Mike Krieger released a statement saying that they had fixed the bug, and that they believed only “a low percentage of Instagram accounts” had been affected. But for an app with 700 million users, even a low percentage of accounts is still a big number.
Once hackers have your email and phone number, gaining control of your Instagram account is a no-brainer.
Once hackers have your email and phone number, gaining control of your Instagram account is a no-brainer. Event though taking over the accounts of regular users doesn’t hold the same kind of appeal as bringing down Instagram’s most-followed user, Selena Gomez, who was hacked, there are reasons hackers still want your account.
In a common scam that has been around for the last year, hackers take over legitimate accounts in an effort to point your followers to adult websites. A quick Google search of “Instagram hack” produces video and text tutorials for breaking into a user’s account.
Luckily, Instagram has rolled out two-factor authentication, which does a better job at authenticating logins, and has made it easier to report a hacked account, according to an Instagram rep.
Art director Victoria Nanowski found about about the scam the hard way recently when she started receiving messages from friends and co-workers that her feed, which previously showcased photos of flamingos, cacti, and colorful textiles, had been replaced with naked women. When she tried to log in, Nanowski found the hacker had changed her name, password, profile photo and email (a common tactic in this scam).
“I quickly searched for what to do and found hundreds of people had experienced the same problem with nowhere to turn to. All I could do was fill out a form and hope that Instagram would contact me back,” Nanowski said.
When she heard back from Instagram about an hour later she was able to log into her account, but the damage was already done—all of her posts were deleted, and hundreds of followers had seen the lewd images (including her boyfriend’s mother).
The designer said that she sent Instagram many more messages about reactivating her old posts, but she never heard back. Ultimately, she ended up re-posting all of the photos herself.
“For me, the problem was never with the photos . . . What I can’t bring back is the curated content, all the likes, all the comments, all the things associated with those moments,” Nanowski said, adding that she “diligently” saves all of her photos.
What I can’t bring back is the curated content, all the likes, all the comments, all the things associated with those moments.
Mike Ferrier, Format’s chief technology officer, said he hears stories like Nanowski’s all the time.
“It’s definitely a very frustrating experience for the victim,” Ferrier said. “But it’s important to understand that, from Instagram’s perspective, whomever owns your email account owns your Instagram account.”
With so many people potentially vulnerable to Instagram hacks, it can also be hard to get the help you need to regain control of your account. “If your Instagram gets hacked, you’re at the mercy of dealing with a giant faceless corporation than has hundreds of millions of free users,” Ferrier said. “They have very little time or motivation to help you recover your account.”
As CTO of Format, Ferrier deals directly with issues like customer account hacks. For Format users who rely on the platform to showcase their work and connect with clients, security is a priority. Ferrier’s team deals with these issues by addressing each customer issue individually.
“Format is a company with only paid users, no free users, so our customer success team compared to Instagram is night and day,” Ferrier said. “We’re super friendly and responsive—our average response rate is under one hour—and if you get hacked we have a process to verify account ownership, outside of what email you’re using.”
Of course, the best way to keep your photos safe is to protect yourself from hacks in the first place. Luckily, there are a couple simple steps you can take right now to make your account safer.
Here are Ferrier’s three tips to make sure your account is as secure as it can be:
1. Enable Two-Factor Authentication
All the major social networks currently support this, and it prevents someone who gains access to your account and email from taking over your social media as well. After you turn this feature on, you’ll need to use a one-time code from an app on your phone (or an SMS) to login to Instagram. That way, anyone who tries to log on to your account will also need your phone. It’s an extra layer of security that can go a long way.
2. Don’t Reuse Passwords
3. Use a Strong Password
Make sure your password is at least 12 characters long (15 or more is even better). It’s the length, not the complexity, that makes a password secure. For example, Ferrier said that an eight-character password like “e0&b5#x!” seems very complex, and a 22 character password like “hellotheremynameismike” seems easy to break. However, the former can be broken in minutes, while the latter “would take much more than a lifetime for a computer to break.” Again, password managers can make this easy on you by generating and saving long passwords automatically.
Want more Instagram advice? Click here to download our free 40+ page PDF on how creatives can use Instagram to grow their business.