Skip to content
by
  • Products
  • Free Tools
  • Search
  • Free Sophos Home
XG Firewall
Next-Gen Firewall
Intercept X
Next-Gen Endpoint
  • Sophos Cloud Optix
  • Sophos Central
  • Sophos Mobile
  • Intercept X for Server
  • Secure Wi-Fi
  • Phish Threat
  • SafeGuard Encryption
  • Secure Email
  • SG UTM
  • Secure Web Gateway
For Home Users

Sophos Home protects every Mac and PC in your home

Learn More
Free Security Tools
Free Trials
Product Demos
Have you listened to our podcast? Listen now

Hackers demand ransom from hijacked Instagram influencers

02 Oct 2018 1 Instagram, Phishing, Privacy, Security threats, Social networks

Post navigation

Previous: Lock screen bypass already discovered for Apple’s iOS 12
Next: The Facebook dilemma – stick it out or pack it in? [PODCAST]
by Danny Bradbury

Hackers are taking over high-profile Instagram users’ accounts and holding them to ransom, it was revealed this week. At least four influencers have lost control of their accounts and received demands to send bitcoin for their return, but in some cases the attackers retained control or deleted the accounts.

Motherboard reported that Los Angeles-based fitness Instagram influencer, Kevin Kreider, lost control of his Instagram account and more than 100,000 followers after falling victim to a phishing scam. The account hijackers sent him a fraudulent email offering a sponsorship deal with French Connection that took him to a fake Instagram portal which then stole his account details.

Cassie Gallegos-Moore, who used the Instagram handle theadventurebitch, blogged about losing her account to hackers who changed the email used to access it. They temporarily blocked the account and demanded a ransom, threatening to delete the account entirely within three hours if she did not pay. Gallegos-Moore, who had 57,000 users on her account, sent them $122 in bitcoin.

While Kreider eventually managed to regain control of his account, Gallegos-Moore was still without hers at the time of writing. Instead, she renamed a backup account to her original adventurebitch handle, but had fewer than 100 followers at last count. She lambasted Instagram for its approach to the hack.

While it isn’t clear how she lost her account, Instagram account hacking has become commonplace.

In August, the company blogged in response to reports that hundreds of accounts were being hacked. One piece of advice in that blog post may offer a clue:

Our current two-factor authentication allows people to secure their account via text, and we’re working on additional two-factor functionality with more to share soon.

SMS-based two-factor authentication (2FA) renders the user vulnerable to an attack known as SIM swapping, in which hackers socially engineer cellular carrier employees to switch a cellphone’s number to a new SIM. This enables attackers to access the SMS texts used in 2FA authentication and gain access to the account. NIST deprecated SMS texts as a form of 2FA in 2016.

24/7 threat hunting, detection, and response delivered by an expert team as a fully-managed service.
Learn More

Celebrity Instagram hacks have happened before. Selena Gomez, who had 125m followers at the time, had her account hijacked in August 2017, and someone with far too much time on their hands posted naked pictures of her ex-boyfriend Justin Bieber on it.

A couple of days later, Instagram confirmed that hackers had stolen personal information from high-profile user accounts by exploiting a bug in its system that exposed telephone numbers.

Hackers had already exploited the bug to harvest personal information on up to six million Instagram accounts, revealed the Daily Beast. They created a database of the information, which included all the Instagram accounts with over a million followers, and charged $10 per search.

Use app-based authentication to secure your account

Many people invest so much time and effort in their social media accounts that these hacks can affect their online brand and their ability to generate revenue. With attacks like phishing and SIM swapping now rife, enhanced protections are more important than ever.

Instagram announced an improvement on its SMS-based 2FA with enhanced security with support for mobile app-based authentication earlier this year,

Here’s how to set up your Instagram account to use a third-party authenticator app:

  • Go to your profile.
  • Tap the Menu icon.
  • Select Settings.
  • Choose Two-Factor Authentication.
  • Select Authentication App.
  • If you’ve already installed an authentication app, Instagram will automatically find it and send it a login code. In that case…
  • Go to the app, retrieve the code, and enter it on Instagram. That will automatically turn on 2FA.
  • If you haven’t already installed an authentication app, Instagram will shuffle you on over to Apple’s App Store or Google Play to download the app of your choosing (Sophos has you covered here: consider downloading Sophos Authenticator which is also included in our free Sophos Mobile Security for Android and iOS). Once you’ve installed your chosen authenticator, return to Instagram to continue setting up 2FA.


Twitter added support for FIDO Universal 2nd Factor (U2F) security keys this summer, and Facebook also supports mobile authentication apps.


  • Follow @NakedSecurity on Twitter for the latest computer security news.

  • Follow @NakedSecurity on Instagram for exclusive pics, gifs, vids and LOLs!

Free tools

Sophos Firewall Home Edition

Boost your home network security.

Sophos Scan & Clean

Free second-opinion scanner for PCs.

Sophos Cloud Optix

Monitor 25 cloud assets for free.

Post navigation

Previous: Lock screen bypass already discovered for Apple’s iOS 12
Next: The Facebook dilemma – stick it out or pack it in? [PODCAST]

One comment on “Hackers demand ransom from hijacked Instagram influencers”

  1. ejhonda says:
    October 2, 2018 at 3:23 pm

    Instagram obviously has a very broken identity management system if victims consider paying a ransom rather than turning to Instagram for assistance. A month or two ago professional racer Jordan Taylor (IMSA WeatherTech Series) put out a plea on Twitter to all his followers to send a note to Instagram to assist Jordan in retrieving his Instagram account, which had been taken over by hackers who were posting salacious pictures on it. He had a few funny posts hinting at his frustration trying to get their attention to help him recover the account.
    [URL removed]

    Reply

What do you think? Cancel reply

Recommended reads

Dec27
by Paul Ducklin
2

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Dec05
by Paul Ducklin
2

Ping of death! FreeBSD fixes crashtastic bug in network tool

Jan05
by Paul Ducklin
12

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

  • About Naked Security
  • About Sophos
  • Send us a tip
  • Cookies
  • Privacy
  • Legal
  • Intercept X
  • Intercept X for Server
  • Intercept X for Mobile
  • XG Firewall
  • Sophos Email
  • Sophos Wireless
  • Managed Threat Response
  • Cloud Optix
  • Phish Threat
© 1997 - 2023 Sophos Ltd. All rights reserved. Powered by WordPress VIP