How to hack into your old instagram account
Instagram Hacked? Here’s How to Recover Your Account
Instagram is crucial for designers, serving as a marketing and networking tool that’s key to landing new clients. So what should you do if you’ve had your Instagram hacked? First, don’t panic—you’re not alone. “I’d say it’s common for the average user to get hacked to some degree in their life,” says Matthew Krull, a social media strategist at design-focused communications agency Novità. “I hear more often than not from my friends and colleagues that they’ve experienced some suspicious activity on their account.” But if you’ve had your Instagram account hacked, it’s important to recover it as quickly as possible. Here are the steps for how to get your Instagram account back, as well as measures you can take to bolster your cybersecurity.
Can you get your Instagram back if it’s been hacked?
The short answer: It depends.
If you’ve had your Instagram hacked, it is possible to get it back, but you need to move fast, so that the hacker can’t compromise your account further. If you act quickly, you might be able to kick out the hacker while they’re in your account and before they’ve changed your info, deleted your photos, or posted to your profile. That way you can save yourself the trouble of having to recover your Instagram account through a Meta support request.
But if the hacker has already gone beyond logging in and potentially changing your password, Instagram account recovery becomes a lot more difficult. Depending on how much damage they’ve done, Instagram may be able to help you recover your account. But brace yourself: If your account has been deleted by a hacker, there might be nothing the Instagram support team can do to recover your account.
How do I get my Instagram account back?
There are two different levels of hacking: One that only changes your password, and another that changes your password and contact info. Here’s how to report a hacked Instagram account, and how to recover your Instagram account as soon as possible.
What to do if a hacker has changed your Instagram password
If you’ve found that your password no longer works, simply follow the steps for setting a new one, as prompted by the login page on the Instagram app. Hopefully, the login link will be sent to your email account or phone number, and you can use a security code to log back in to your account and change your password. This would be the best case scenario, as you can solve the problem yourself without having to contact Instagram. (That said, it’s not a bad idea to contact Instagram customer service anyway and let them know that your Instagram account has been hacked—the company may point out some helpful security tips to keep your account safe in the future.)
You’ve had your Instagram hacked, and the hacker changed your password and contact information. Now what?
Hitting a brick wall at the login screen? Yikes. If you’re locked out of your social media account, and you don’t receive a password reset link when you request one via the Forgot password button, a hacker may have changed your email and phone number. This is a more common type of hacking, as scammers know you will try to reset your password yourself, and they will want to keep control of the account for themselves. They may even hold your Instagram account for ransom, and request bitcoin or other plunder for you to get it back. If that’s the case, you’ll need to report the activity to Instagram by following the instructions here. They will ask you to verify your identity—you might even have to take a video selfie to prove you are who you say you are. This process likely won’t give you immediate access; it could take days or even weeks to recover your Instagram account.
Can you recover your Instagram account if it has been deleted?
In some cases, hackers might delete all your posts, or they might delete your account entirely. If they’ve deleted some but not all of your account, you might be able to retrieve posts by going into the Your Activity section of your Instagram account and selecting Recently deleted. There, you’ll find posts from the last 30 days as well as stories from the last 24 hours. You can then restore those images or videos.
But if your account has been totally deleted, you might be out of luck. Instagram itself says, “When you delete your account, your profile, photos, videos, comments, likes, and followers will be permanently removed.” You can create a new account with the same email address you used before, but you may not be able to get the same username.
That said, there is a window in which you can recover your Instagram account. “If someone has deleted your account, you technically have 30 days to contact Instagram to explain that you have been hacked and [ask them] to put your account back up. Instagram claims it stores your data for that long,” says digital marketer Jonathan Simon, director of marketing and communications at the Telfer School of Management at the University of Ottawa. “However, this is a long shot. Once your account is deleted, it is likely gone.”
Interior designer Kristen McGinnis, for instance, was not one of the lucky ones. Back in 2020, she found that she was logged out of her Instagram account due to suspicious activity—even though her two-factor authentication was enabled. “Instagram’s account retrieval process includes going through identity confirmation. I submitted this well over a dozen times within a month and received zero response,” McGinnis says. “Sadly, I never received any help, only headache and heartache.”
After a month, McGinnis gave up. She started a new Instagram account and used her inaugural post to explain what had happened to her former handle. She then started the arduous process of re-following her former connections, hoping they’d follow her back. Although many of them did, she needed to message others to reintroduce herself. The small silver lining was that her photos were auto-saved to her phone. Still, the mishap had a cost. “I lost a few thousand followers, many of whom I will never get back because I don’t know who to reach out to,” McGinnis says.
Even though no method of account protection is completely fail-safe, staying on top of security best practices can hopefully prevent you from having to rebuild your following. You can also download your data periodically in order to keep a record of your posts, your followers, and even your comments—that way, if you have your Instagram hacked and eventually need to rebuild your account, you have a head start.
What should you do if you’re locked out of your Instagram account?
For starters, remain calm. Sometimes getting locked out—especially for business accounts—is simply due to an oversight. “For instance, let’s say a social media manager moves on from the company,” says New York– and London-based digital content consultant Charlene C. Lam. “If a transition plan isn’t in place, it may be a while before the remaining team members realize they don’t know the Instagram password.”
To mitigate that risk, keep your Instagram account recovery codes stored in a secure place. These recovery codes will be used to reset two-factor authentication, which will help you get your Instagram account back. They can be found on the Security page of the Instagram app.
Unfortunately, there may be an instance where you’ve been locked out because you were genuinely been hacked by a scammer.
What should you do if you suspect someone is trying to hack your Instagram?
There are a few red flags that may indicate that someone may be trying to hack your Instagram account (or already has). Three big ones: receiving a changed-password email from Instagram that you didn’t trigger yourself, receiving an unprompted email-change request from [email protected], and seeing posts you didn’t make. Here’s how to get help.
What to do if Instagram noticed suspicious activity on your account
If someone attempts to reset your password, Instagram will send you an email informing you of the change. “I take immediate action as soon as I get a notification or email from Instagram letting me know there was suspicious activity on any of the accounts I manage,” Matthew Krull says.
If you receive an email that someone has requested to change your password, and it wasn’t you, someone may be trying to hack your Instagram account. Report the situation to Instagram via the link in that email, then immediately change your password.
If you received an email from [email protected] asking about changing the email address associated with your Instagram account, but didn’t make that request yourself, click the link in the message that says Secure My Account. If you are unable to get through the login page, the scammer may have changed your password. Don’t lose hope yet—you can still get help by requesting a login link or a security code.
But remain attentive when it comes to these Instagram emails: Some messages that appear to be from Instagram could be phishing attempts or scams from hackers. The good news is that Meta has developed a function to help protect you. If you enter the security section of the Instagram app, you can see what emails Instagram has sent you within the last two weeks. Reviewing that data should help you verify an email’s authenticity.
Keep in mind that other messages, like Instagram DMs and WhatsApp chats, can also contain phishing scams. Stay alert!
What to do if you noticed suspicious activity on your account
If you notice photos or stories you didn’t post yourself appearing on your page, but you’re still logged in, you’ve probably been hacked on Instagram. You should change your password immediately, as doing so will kick the hacker out of your account. You should also manually log out of any suspicious devices via your login activity page, as well as revoke access from any third-party apps that might have had a security breach and exposed your login information.
How to protect your Instagram account
Hacking isn’t limited to high-profile Instagrammers. “Any account can be a target, because if the hackers are successful, they can use the hacked account to try to get important information like credit card numbers, addresses, and PINs from other unsuspecting users,” Jonathan Simon says.
A strong password is an obvious place to start—and yes, those strings of letters and numbers suggested by Apple’s iOS are pretty safe. (If you’re concerned about remembering all of your logins, a digital password manager can help.) Still, there are a few additional steps you should take to thwart a potential hacking.
Turn on two-factor authentication
Two-factor authentication requires users to enter a security code from an authentication app or your cell phone via text message (SMS) every time they log in to a new device—and it’s a solid deterrent to scammers. Meta offers this service, and you can set it up via the security page in the app.
Check your login activity
Keep an eye on your login activity, which can also be found under the security section of the app. There, you’ll see all the devices that your Instagram account is currently logged into, plus their geographic locations. If you see suspicious activity here, you can log out of those devices from your current one.
Check which third-party apps have access to your Instagram account
Granting third-party apps access to your account is an easy way to share content across different platforms, but it does come with some level of risk: Hackers can break into those apps and steal your Instagram login info. Head to your security settings, then click Apps and Websites to see what other apps have access to your Instagram account. Keep an eye out for any big data breaches that might affect those apps—if one happens, you’ll want to change your password immediately.
Enable auto-save
Though this measure won’t necessarily protect your account from hackers, it does give you a chance to save all your photos to your phone in the event you have your Instagram hacked and deleted. In the app, click on Settings, then Account, then Original Photos (iPhone) or Original Posts (Android), and make sure that Save is toggled on.
Instagram hacked: What to do if someone breaks into your account
Losing access to your Instagram account can be extremely stressful, especially if you engage your audience daily. Besides losing the ability to control what’s being posted, a hacked Instagram account can put years of work in jeopardy, seriously disrupt in-store purchases as well as sponsorship revenue, and lose you a whole lot of followers.
At Notch, we specialize in helping Instagram creators protect their accounts and providing insurance for any lost income whenever there’s a security breach - so we understand the severe impact that these events can have.
By the end of this article, you'll:
- Understand what to do if your Instagram account gets hacked
- Become familiar with the common ways hackers target social media creators
- Be equipped with tips to protect your account from hackers
Let's dive in.
What to Do If Your Instagram Account Gets Hacked
Whether it’s phishing or another form of social engineering, cybercriminals use a wide range of techniques to gain unauthorized access to your Instagram account.
When this occurs, you’ll need to act as quickly as possible to minimize your losses and increase your chances of regaining control swiftly.
Was your Instagram account hacked? Here are the steps you need to follow:
1.
Check Your Email InboxIn many cases, the first thing that hackers do is attempt to change your login credentials to revoke access to your account.
When an email address is changed on Instagram, the system sends out an automated message to the old address for security purposes.
You should log into your email and check for this message before going any further. If you’re lucky, you’ll be able to tap on the link within the email that says “revert this change” to regain access to your account.
2. Request a Login Link
If the link to revert the change has expired or is not available, you can still contact Instagram and request a login link.
On your Instagram app login page, tap on “Get help logging in” (Android) or “Forgot Password?” (iPhone). Then, enter your email address, phone number, or username, then select the method you want to get the login link.
Check your email or SMS messages (depending on which one you chose) to see if you received a link. It’s important to note that, unless the hacker is very inexperienced, it's unlikely this will work because long-time criminals change these contact details as soon as they’ve hacked an account.
3. Change Login Credentials, If Possible
If any of the two steps above allowed you to successfully log in, the first thing you should do is change your password.
The most secure approach is to use a password manager.
4. Report the Incident to Instagram and Verify Your Identity
If neither of the first two steps worked, it’s time to reach out to Instagram. More often than not, this is a hopeless process, but photographer Jared Quackenbush shared a method that worked for many victims: reporting the hack while verifying your account with a video recording of your face.
If you want to submit a video of your face to verify your account, you have to:
- Go to the Instagram login page and type your username
- Tap on “Forgot password”
- Select “Need more help?”
- Choose the account you want to verify
- When you get the prompt, choose to receive recovery code via text message
- The hacker has likely set up 2FA at this point so you’ll be asked for another code
- On this same screen, tap on “Try Another Way”
- Tap on “Get Support” and select the optioned labeled “My Account Was Hacked”
- Select “Yes, I have a photo of myself in my account
- Type in your email address and tap on “Submit”
- You should be met with a selfie video recording, so follow the instructions and you’ll get contacted by Instagram within 24 hours (usually occurs right away)
Note that this verification system only works if you’ve posted pictures of yourself recently, and because it’s powered by AI, it has some limitations - for example, if your picture has a filter, it may not recognize you.
5. Reach Out to Your Instagram Insurance Provider
If you have insurance for your Instagram account (like Notch), the first thing you should do is reach out to your insurance provider (if they haven’t already contacted you), and file a claim.
Once the claim is processed, you’ll begin receiving daily payouts that cover any losses to your income. At the same time, the insurance company will help recover your account so you can get back to business as soon as possible.
{{learn-more}}
How Do Cybercriminals Hack Instagram Accounts?
Common tactics used by cybercriminals to hack Instagram accounts include social engineering and phishing methods. Here are three tactics you should be aware of:
The Copyrighting Scheme
In the copywriting scheme, fraudsters impersonate Instagram team members and reach out to Instagramers claiming they’ve violated copyright infringement laws.
Users are provided with a link to solve the issue. But, instead of going to a legitimate page, users are redirected to a phishing site that collects their username and password data as soon as they attempt to log in.
The Verified Badge Scheme
Cybercriminals also use the verified badge scheme to gain access to their victims’ accounts. Verified badges appear on accounts that Instagram has reviewed to show that they’re legitimate.
Unfortunately, hackers are now impersonating Instagram support agents that offer creators the chance to add a verified badge to their accounts.
As with the copywriting scheme, users are redirected to a fake page that records their login data as soon as it is submitted.
You might be interested in: 6 ways hackers steal Instagram accounts
Real Time Phishing Schemes
A more sophisticated method hackers use, which lets them bypass Two Factor Authentication (2FA), is referred to as ‘man-in-the-middle’ real time phishing.
Hackers send emails impersonating a legitimate company - let’s say Instagram - and dupe users into clicking on a proxy server. Unlike the typical scams we mentioned earlier, in this case the hacker-run web page is a mirror image of the legitimate web page, like Instagram’s login page.
When users click on an online proxy controlled by the hacker, their browser connects to it and forwards the information - like log in details - to the legitimate website that the user believes they’re already on.
It’s easy to be tricked - the page operated by the hacker is exactly the same as the real log in page, the only difference is a small discrepancy in the URL.
Instagram will ask the user to provide their 2FA code - which they’ll enter on the hacker’s proxy server. So the user thinks they’ve logged into Instagram without any suspicion, and Instagram also believes the user has logged in. Meanwhile, the hacker has gained access to the account and can now change the login information.
The key takeaway here is to never be complacent, even with 2FA set up, and to always double check the URL of the website you’re entering sensitive information into.
6 Tips to Protect Your Instagram Account from Hacks
Hackers can trick even the most vigilant Instagram creators, so it’s vital you do everything possible to limit the chances of this happening to you. Here are 6 of the best security measures we recommend.
{{subscribe}}
Double check links
This is the most common piece of advice victims of Instagram hacks have given in our How I Got Hacked blog series. That's because the majority of hacks are a result of creators clicking on links they receive by email or DM, from hackers impersonating legitimate accounts. The links they include seem legitimate at first glance, but it's crucial to stop yourself from clicking before thinking. Instead of blindly opening up the link, hover over the hyperlink and check the URL. Does it look suspicious? If so, it's better to be safe than sorry. Delete the email.
Use a Password Manager
A common piece of advice to prevent hacks is to strengthen your password. In truth, brute force attacks, in which hackers guess your password, are less of a threat than social engineering or phishing attacks. After a few failed login attempts, Instagram recognizes suspicious activity.
So while having a strong password can only help, our advice is to use a password manager app. These help protect you against the most prevalent hacker tactic - phishing - while also simplifying the login process.
A password manager works like a centralized vault that stores all of your login credentials. Instead of remembering each one individually, you only have to provide the master password for the management tool. The password manager then autofills the login details as long as the domain is legitimate, allowing users to log in safely with minimal hassle.
Because password manager apps recognize your known websites, they can help prevent phishing attacks. For instance, if you've been tricked by a hacker impersonating Instagram, and they direct you to a fake lookalike website where they ask for your credentials, the password manager will recognize that this is an unfamiliar URL. As a result, the password manager won't autofill your details, helping you avoid the phishing scam.
Password managers also provide features like password generators. This feature gives the ultimate level of security because Instagramers can generate secure passwords without knowing what they are and store them in the manager tool right away.
Set Up Two-Factor Authentication
Two-factor authentication is a feature that allows you to add another layer of security to your account. In addition to your password, two-factor authentication requires you to provide a second piece of information in order to access your account from a new device.
You can obtain the second piece of information through two different channels: either through a third-party authentication app like Google Authenticator or via SMS text message. The idea is that anyone that wants to access your account will need to have your password and your unlocked smartphone at the same time, which is unlikely if it’s not you.
Having said that, you can still get hacked with a 2FA setup - as influencer Jessica Wenjia found out.
Limit Third-Party Account Access
As an Instagram entrepreneur, you probably leverage a variety of tools to monitor and improve your performance. In a lot of cases, you need to provide access to your account to enjoy the benefits that these platforms provide.
This can represent an additional risk, especially if you’re working with a provider that doesn’t have a strong security system in place. Providers with weak security are more susceptible to being hacked and jeopardizing all of their partner accounts, including your own.
Risks involved with third parties don’t stop here. Some cybercriminals are known for crafting fake platforms in order to gain access to their victims’ accounts. These non-existent tools can be so convincing that Instagramers are willing to try them out, which gives cybercriminals exactly what they want.
To counter this, you need to reduce the number of third-party tools that have access to your account and verify that you only work with reliable providers. The list of partners you can trust includes, but it’s not limited to:
- Hootsuite
- Buffer
- Panoramiq
- AdEspresso
- All Adobe platforms
- VCSO
- Canva
- Shopify
Working with trustworthy providers will not only reduce the chances of experiencing a hack via third-party access, but it will also protect the details you collect about your followers.
Verify Emails by Checking Security Messages on Instagram
A common phishing tactics used by hackers involves impersonating Instagram's official email. But, the good news is that you can now verify all email communications through your Instagram account.
All legitimate and official emails sent by Instagram will also appear in your profile settings.
From your Instagram account, go to Settings>Security>Emails.
By monitoring this part of your account, you can keep track of all your security notifications and ensure that all emails you receive are actually from the Instagram team.
If you received an email that seems to be from Instagram, but there is no corresponding message in your profile’s security section, consider it suspicious and do not engage with it.
Get covered by Instagram Insurance
You should also protect your account by getting Instagram insurance, like Notch.
Notch insures Instagram accounts against hacks - meaning, if you get hacked, Notch will pay you every day you’re locked out of your account to cover your revenue loss, for up to 3 months. At the same time, we work to retrieve your account to get you back in business ASAP.
We predict it to become the norm for savvy Instagram creators to insure their accounts against hacks: all businesses need insurance, and Instagram accounts are no different.
What to do if someone tries to access your Facebook or Instagram
A notification pops up on the smartphone screen: "We detected an unusual login attempt from Rio de Janeiro, Brazil." The first reaction is panic, especially if you live in, say, Vladivostok. What could it be? System failure? Or is someone from the other side of the world really encroaching on your account?
There is no way to panic in such a situation - this will only play into the hands of the burglars. So that you can remain calm and survive this incident with minimal losses, we will arm you with knowledge: we tell you what the matter might be and how to act.
What could have happened
First, let's figure out how a stranger could gain access to your account at all. There are several options here.
Data leak and wildcard attack
A third party site where you registered might have been leaked. Having acquired a list of logins, e-mail addresses and passwords, scammers use them for a substitution attack, that is, they try to enter stolen credentials on many sites. Unfortunately, many people set the same passwords to protect their accounts in different services - this is what criminals are counting on.
Alternatively, your Facebook or Instagram credentials may have been leaked from the app you trusted them to. For example, in June last year, thousands of passwords from Instagram accounts leaked to the network, the owners of which used the Social Captain service to buy likes and followers. It turned out that he did not encrypt customer data, and anyone could get access to it. It is reasonable to assume that many users of the service have since experienced hacking attempts.
Phishing
It may also be that some time ago you fell for phishing, and your login with a password fell into the hands of scammers directly. They clicked on some link, and on the page that opened, very similar to the Facebook or Instagram login screen, they entered their credentials. So they ended up with the criminal. For example, most recently, our experts discovered a phishing campaign in which victims were lured to phishing pages by the threat of blocking their Facebook account due to copyright infringement.
Password theft
Your password may have been stolen by malware you picked up somewhere. Many Trojans have a built-in keylogger, a program that registers keystrokes on the keyboard. All logins and passwords that the victim enters, the keylogger directly passes into the hands of attackers.
Access token stolen
Someone may have stolen your access token. So that you don't have to enter a password every time you log into Facebook or Instagram, it saves a small piece of information needed to log in to your computer, which is called a token or access token. If an attacker steals the current token, he will be able to log into the account without a username and password.
Tokens can be stolen in different ways. Sometimes this is done through vulnerabilities in Facebook itself - for example, in 2018, attackers were able to get access tokens to 50 million Facebook accounts. Also, attackers can use browser extensions to steal tokens.
Login from someone else's device
It's possible that you logged into Facebook or Instagram from someone else's device - at a party, in an Internet cafe, in a hotel lobby, and so on - and did not log out after that. Or, for example, they forgot to log out of their account on a device that they had already sold or donated. Now someone has discovered your oversight and logged into your account.
False alarm (phishing again)
Your account may not have been hacked at all, but they are trying with a fake suspicious login notification. This is the same phishing that we talked about above, but a slightly different version of it. Instead of the threat of blocking, scammers can use fake suspicious login notifications with a link to phishing sites similar to the login page. Attackers expect that the victim in a panic will go to a fake site and enter their username and password there.
And what to do?
We have sorted out the possible causes, now it's time to act. To get started, log into your account - but in any case not through the link from the notification (as we already know, it can lead to a phishing site), but through the mobile application or by entering the address in the browser manually. If the password does not match and you can no longer log into your account, refer to the detailed instructions on what to do if your account has already been hijacked, which we published earlier.
If you are still allowed into your account, go to your account settings and verify the authenticity of the notification. For each social network, the path to the desired settings item will be different - see how this is done on Facebook and Instagram. Then go to the “Account Logins” section: if there are no suspicious entries there, then everything is in order, and the message about the hack was still phishing.
If you really see a suspicious one in the list of logins to your account, then it's time to hurry up to take protective measures - timely actions will help soften the blow:
- Log out of your account on all devices. On Instagram, you will have to manually end each session in menu Account Logins . And on Facebook, this can be done with a single click in the Security and login section in the settings. This will reset the access tokens.
- Make sure that the correct phone number and email address are specified in the account settings: attackers could change the data so that the link or code to change the password is sent to them. If they managed to do this, change it back to yours.
- Set a new password that is strong and one that you don't use anywhere else. If you're not sure you can remember it, save it in a password manager. By the way, at the same time the program will help you come up with a reliable combination.
- Turn on two-factor authentication to make it harder for attackers to break into your accounts, even if they know your password.
- After that, be sure to check all your devices with a reliable antivirus to make sure that they are free of malware. Attention to security settings along with good protection will make your account your fortress.
Tips
Air sellers in online stores
We tell how scammers deceive users of a well-known marketplace using a fake product payment page.
Subscribe to our weekly newsletter
- Email*
- *
- I agree to provide my email address to AO Kaspersky Lab in order to receive notifications of new publications on the site. I can withdraw my consent at any time by clicking on the "unsubscribe" button at the end of any of the emails sent to me for the above reasons.
A hacker hacked Instagram in 10 minutes and got $30,000.
Cybersecurity expert Laxman Mutiya found a way to hack any Instagram account in ten minutes - he announced this on his blog. According to Mutiiya, the vulnerability was in a password recovery system where a one-time numeric code is sent to a user to verify their identity.
Information security researcher Laxman Mutiya told on his blog how he managed to hack Instagram in 10 minutes. While Facebook, which owns the photo hosting, is constantly trying to improve security and prevent outside interference, Mutiya's example proves that this problem can be worked on indefinitely.
An expert discovered a vulnerability in the password recovery system for his Instagram account. The fact is that when a user enters his phone number to resume access to the profile, Instagram sends him a six-digit numeric code that must be entered to verify his identity.
Laxman Mutiya decided that if he could try a million different codes at this stage, then one would definitely work, which would lead to a password change on any Instagram account.
Nevertheless, the expert rightly decided that the photo service would most likely have protection against such a blunt attack.
Indeed, Instagram has limited the number of shift requests a user can send. Then, by calculation, Mutiya determined that for a successful hack, he would need 5 thousand IP addresses, each of which would send 200 thousand requests. According to the hacker, this is not so difficult to implement if you use the Google or Amazon cloud service. In this case, the entire attack will cost the attacker $150.
Laxman Mutiya sent his research to the Facebook administration, which was convinced of the insecurity of the existing system. As follows from a letter sent by the leadership of the social network, the vulnerability in Instagram was eliminated, and Mutiya himself received $30,000 as a "bug bounty" - compensation for identified shortcomings.
The expert also gave some advice to those who use Instagram to protect themselves and their data.
He recommends changing your password regularly, using only unique and varied combinations, and be sure to use two-factor identification so that any manipulations with the account are made only with the user's approval.
In May of this year, it became known about the massive leak of personal information of bloggers and celebrities from Instagram - in total, about 50 million people suffered from it. A database containing the data of millions of Instagram stars using popular photo hosting has been discovered on the Internet, TechCrunch reported. This database, located in the public cloud of Amazon Web Services, was in the public domain and was available to everyone.
As it turned out, each of the entries contained personal data of Instagram bloggers and influencers, including their biography, profile photo, number of followers, geolocation, as well as email and mobile phone number.
Shortly after the leak was reported in the foreign press, the database went offline and Facebook announced its own investigation.
“We will conduct an investigation to understand where the data, including email addresses and phone numbers, got into the network - from Instagram or other sources. We will also contact Chtrbox [the company that leaked] to find out where they got this information from and how it was made public,” Facebook said in a statement.
In June, Instagram management announced the simplification of the procedure for recovering an account after a hacker hack. The new system will ask the user a series of questions that can confirm his identity, such as the original email address (if the hacker changed it) or phone number.