Credit: TY Lim / Shutterstock.com
Instagram originally helped people share pictures from their phones. Several years, a billion-dollar acquisition by Facebook, and countless feature releases later it's become a social network unto itself. Accounts with many followers are valuable, not just to the people who run them, but also to anyone looking to steal them. And it seems like someone (or a group of someones) set out to steal a lot of them in recent weeks.
Mashable reported that at least eight people with relatively high follower counts on Instagram--with an apparent peak of 4,500--claimed their accounts had been hacked. The outlet also noted a marked rise in the number of people complaining about their accounts being hacked on Twitter. That evidence is anecdotal, but it could indicate that someone has discovered a new way to assert control over Instagram accounts.
The hacks recounted to Mashable follow a similar pattern: someone compromises an Instagram account, changes the username and profile picture, then updates the contact information associated with the account to an email with a ".ru" domain. One person said this happened even though he had two-factor authentication, which is supposed to prevent hacks like this, enabled for his account. It's not clear how that happened.
For its part, Instagram published a blog post saying it's "aware that some people are having difficulty accessing their Instagram accounts." The company said that it's investigating the issue and that it has "dedicated teams helping people to secure their accounts." Aside from that, Instagram didn't offer more information about Mashable's claims, and simply gave concerned users advice on how to secure their accounts.
But the company did make one small revelation. In a bullet point discussing its two-factor authentication system, Instagram said it currently only allows people to receive a code via SMS as the second factor, but that it's "working on additional two-factor functionality with more to share soon." It sounds like the company's at least working to offer more secure options to people who use (or should use) two-factor authentication.