Affected users report that the domains of the email addresses linked to their accounts were changed to .ru.
Cyber security experts report that a growing number of Instagram users have been attacked in a hacking campaign, leaving hundreds of users locked out of their accounts and struggling to restore their profiles to their regular state.
Affected users found themselves logged out of Instagram. When they tried to log in again, they found that their username, profile photos, password and linked Facebook account had been modified. The domains of the email addresses linked to their Instagram accounts were changed to a .ru domain, a sign that the attack could come from Russia, or from someone impersonating a Russian hacking organization.
Other features of the attack include deleting bios and replacing the user's profile photo with an image of a character from a Disney or Pixar movie. No one has confirmed the source of the attack or how the attackers got access to these accounts. Although the attackers have not removed the photos from any profile, the fact that they have edited the contact information makes it difficult for users to regain access to their accounts.
An Instagram spokesperson stated: “We work hard to provide the Instagram community a safe experience. When we realize that an account has been compromised, we shut down access to the account and the affected people have to accomplish a recovery process so that they can reset their password and take other measures necessary to protect their accounts”.
Instagram published a guide on how to restore affected accounts and revoke access to third-party apps. However, users have complained about how frustrating the account recovery process is. Via Twitter, one user reported taking five days to recover his account, while another said he had waited nearly two weeks.
Among the possible causes, experts from the International Institute of Cyber Security commented that the accounts might have been exposed to attacks due to the lack of two-factor authentication (2FA), weak password security, or successful phishing campaigns.
Cyber security experts explain that when a person’s social network accounts become the target of hackers, the accounts can be used to send messages with malicious content to the victim’s contacts, or to post spam and unwanted links on the compromised account's timeline.