It has long been said that Instagram accounts could be hacked in 120 seconds. There are various websites offering Instagram password generators where all you need is a user’s account name or email address.
Well, cyber criminals have hacked an unknown number of Instagram accounts and changed the passwords, pictures, and biographies and, in many instances, added pornographic images and adult dating site links that earn referral fees.
Symantec was the first to spot the scam. “Earlier this year, we reported an influx of fake Instagram profiles luring users to adult dating sites," Satnam Narang, senior security response manager at Symantec, said in a blog post.
"Our findings follow a previous report on Twitter accounts being hacked to post links to adult dating and sex personals, which bears some similarities to this new campaign.”
{loadposition ray}
The details are similar for each hack – the obvious conclusion is that machine learning and automated bots can be used to execute the attacks. But it could equally be that someone has hacked Instagram’s site and made off with the passwords – or used another blackmarket list and just matched user names as most users have the same password for all online accounts.
The password, biography, name and profile picture are all changed, and a link added to an intermediary site and a pornographic image.
The scammer has also added a survey suggesting that a woman has nude photos to share and that the user will be directed to a site that offers "quick sex" rather than dating. Once the survey is completed, users are redirected to an adult dating website that contains the scammer's hidden identification number.
And the scammer earns money for each user who signs up for the site.
The problem is that once an account is hacked, the cybercriminal then owns the site and the legitimate owner cannot get it back – bye-bye to your content!