Hackers Hijack Instagram Accounts to Steal Tens of Thousands of Euros

Share this…

Two teenagers were behind the whole hacking scheme. At the end of last week, Dutch police arrested two suspects on allegations of hacking multiple Instagram accounts and then using them to request illegal payments for advertising services.

The two suspects, yet unnamed, are of 18 and 19, from Alblasserdam and Boskoop, two neighboring cities near Rotterdam and the Hague.

The two teenagers are accused of sending spear-phishing emails to their victims, imitating authentic Instagram notifications, asking users to log into their accounts.

Teenagers hacked hundreds of accounts

Hackers Hijack Instagram Accounts to Steal Tens of Thousands of Euros

Using this simple technique, the teenagers recorded the passwords of hundreds of Instagram accounts. Police say that the teenagers specifically targeted owners of Instagram accounts that had thousands of followers.

Once in possession of a prominent account’s password, the teenagers would then contact companies, offering them the ability to advertise to the account’s followers.

The practice of posting Instagram (Twitter or Facebook) posts depicting a company’s products is well known, and multiple online celebrities get paid, often with tens of thousands of dollars per social media post.

Dutch broadcaster NOS reports that the two youngsters made tens of thousands of euros peddling advertising opportunities to several companies on the hacked accounts.

The hackers used the hijacked accounts to post ads for various products

Once they had an offer, they would log into the hacked account, post the advert, and cash in the money, which they would later exchange to Bitcoin.

“These companies [advertizers] probably didn’t realize that they were dealing with hackers,” a police spokesperson told NOS. “They [the hackers] made decent amounts [of money].”

Police are saying that the teenagers didn’t limit themselves to Dutch Instagram accounts and hacked profiles belonging to users in other countries as well.

All of the hacked accounts didn’t have 2FA (two-factor authentication) turned on, which made the hackers’ job a lot easier.