A number of Instagram users claim to have been victims of cyber attacks with the same method. The perpetrator of the attack forced the victim to leave his account before changing the user’s personal data.
Hundreds of people have reported themselves as victims of this attack since the beginning of August, which shows the similarity between these attacks. The victims mentioned that they were expelled from their accounts, before their names and profile photos were changed, usually becoming Disney or Pixar characters.
The victim’s profile will also be deleted later, they cannot reset the password because their account has been linked to a new email that has a .ru, Russian domain address.
Most victims claimed that they did not activate the two-factor authentication feature. However, a man said he had used the feature and his account was still attacked.
The attacker does not seem to upload new photos or delete old photos. However, changes to the account’s personal information make it difficult for victims to regain access to their account because messages from Instagram will enter a new email.
The victims then used Twitter to protest on Instagram. Following up on this, Instagram said that they continue to work hard to provide security to its users.
“When we realize that an account has been hacked, we close access to the account and the victims will be asked to go through the remediation process so they can reset their password and take other steps to secure their account,” said an Instagram spokesman.
Does this mean we are not safe on Instagram anymore even with two-factor authentication active?