Instagram Hijacked by Email

Instagram Account Pwned

My Instagram account was hijacked 3 times in less than 6 weeks. It was a running joke with my friends. They reckoned that I should take it as a compliment, as only the rich and famous get hacked that much. I still haven’t worked out why they did it, but I have finally figured out how they did it. One by one I eliminated the obvious weaknesses, such as using a weak password… (Instagrant was way too obvious)… and in the end there was only one left. I had been Pwned.

Use a Hard Password

After “Merlin” stole my second account I used an un-crackable password on my Instagram. I was certain that I was safe. I had upper and lower case, it was over 12 characters long and I had used non-alphanumerics. It was so hard that I needed to write it down and I needed to turn on the “see password” icon. Nothing in life is certain and within a week “German Elvin” hijacked my account and it ended up on “Pictaram” again. Pictaram seems to be an Asian hacker site that hijacked accounts end up on. A boneyard of dead Instagrams that are used for some nefarious purpose.

Trying to Contact an Actual Person at Instagram Help is Useless

I was ready to give up. It was all too hard. I was sick of trying to contact Instagram. That is pointless. They do not read your emails and any feedback seems to be automated. I wasted days trying to contact Instagram during the first 2 thefts. I read their security and hacked accounts recommendations multiple times, and had tried every option to get my account back. Nothing worked and no real help was given. After the third hacking attempt it was obvious that the Instagram Security, Hacking and Impersonation Help just looped between all of their options and eventually led back to the beginning.

What is Pwned?

I was worn down. First there was “Persephone”, then “Merlin” and finally “German Elvin”. How did they crack my password so easily? I had spent days searching the internet and hadn’t come up with anything. Then came the breakthrough: I learned about being Pwned. I didn’t even know it was a word, but it seems that this was what had happened to me. The word “Pwned” originated in the gaming community years ago and meant absolutely dominated and destroyed… yep, that seemed right.

I discovered a free .com website called “haveibeenpwned” and entered my email address, and it seemed that my data had been compromised on 4 separate occasions. A Russian attack was the biggest breach. There had been some massive data thefts with millions of email passwords stolen and I had never been notified about this. Internet and email providers don’t want it to be made public when they lose data and so the chances are that if they have been breached you will not be told about it. The stolen information is then sold on the dark web.

Change Your Email Password Regularly

I hadn’t changed my personal email password for years. Now I realised why it is recommended that you change passwords regularly. I had stupidly thought that if you had a strong password and didn’t use it on other sites that should be enough. I didn’t think the service provider’s security being breached and your password and details being available for sale was even a possibility. This was exactly what had happened. Because the hacker had my email password they could log on and send a request to Instagram for a password change from my email address. Instagram sent back an email to my primary email address with a link to my Instagram account so that I could change the password. The hacker was ready and, using the link, changed my Instagram password so I couldn’t log in. It was that easy. It wasn’t an evil genius mastermind at the other end… just some fat and lazy hacker that had paid some cash for my details.

How I fixed my Instagram Hacking Problem

If someone had access to my email account what else could they do? I did a bit of searching and then I discovered an answer to another strange thing I had recently noticed. I had been getting a spate of administrator return emails. I looked at these and they were to addresses that I had no knowledge of. The hacker had been using my email address to send automated spam. I didn’t open the emails. They may have contained a virus or may have just been to extort money. They were all addressed to the “Accounts Department” of various companies around the globe. This is a brute force numbers game. If even one in a thousand pays up they are doing well.

I immediately contacted my service provider and told them what had happened and via landline we went through a process of changing my password so it would not be visible on-line. While we were doing this I saw the hacker enter a password request on my screen trying to log back in… Really scary… We got there first and that was the end of “German Elvin”. I assume he is now leeching off someone else’s email… after all there are millions of passwords for sale…

 
