Hacked Instagram Accounts Used in an Ad Scam

Filling dummy social media accounts with nude photos and pornographic material isn’t anything new, but a recent hack went a little further. The security breach filled already existing accounts with NSFW pictures and ads. The attack was carried out by bots.


Specifics of the Instagram Hack

Symantec reported the attack. In the last few months, the company has noticed an increase in hacked accounts. Once the accounts get breached, the bots fill them with pornographic content. The bot also modifies the usernames, profile pictures, real names, profile bio, profile link, and, of course, adds NSFW photos. The profiles also get plastered with ads for adult/ casual sex websites.
The passwords of the hacked account also get changed without the owner’s knowledge. If your Instagram password was changed without your involvement, your account might be hacked.
Recently, however, the hackers stopped the username changes and photo uploads. It’s still unknown whether they just got lazy with their hacking, or if there’s a more practical reason. It’s weird either way.
The whole hack is most likely an advertising scam. It aims to promote the adult sites it links to.

How were the Instagram accounts hacked?

Symantec suspects that the Instagram hack may have been carried out with the help of already existing data dumps. It’s also very likely that weak password discipline of users may have assisted the hackers. There have been millions of accounts hacked in almost all social media sites. That data is very helpful to crooks in this type of attack.

Advice for Instagram security

Symantec writes: “Earlier this year, Instagram began rolling out two-factor authentication to its users. This account security feature would prevent the scammers in this campaign from taking over accounts. However, not all Instagram users have this feature available to them. Users can check to see if the option is accessible by tapping the wheel icon on their profile.” Two-step verification was also recommended in the recent hack of 15 million Telegram users. Along with a strong password; it’s the best way to protect your accounts. Also, if your account was hacked, try to contact the Instagram support team and see if they can get their profile back. If you have switched profiles, it might be prudent to check out if your old account hasn’t been hacked.

Tips for passwording

Here are the seven deadly sins of password making;

  • Making a short password
  • Making a simple password (a.i. a dictionary word like fish or hospital)
  • Not using symbols or capital letters
  • Using the same password for a long time
  • Reusing the same passwords for different accounts
  • Setting your password to 123456789
  • Setting your password to password

The last three password sins are the worst and increase the chance of hacking by a huge margin. If one of your accounts gets breached, then crooks can connect the dots and reuse its password the same way you did. Don’t do it. Ever! Also, 123456789 and password are the first options any hacker would try when breaching an account. Sadly, they’re still in wide circulation. Not sinning while creating your password will improve your cyber-security immensely.

Was this content helpful?

Author : Joseph Steinberg

Joseph Steinberg is the editor-in-chief, lead content creator, and local father figure of Best Security Search. He enjoys hiking and rock climbing and hates the 12345678 and qwerty passwords.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *