Getting one of your social media channels hacked isn’t anything new these days however it doesn’t make it less frightening whenever that happens. Recently my Instagram account got compromised and you bet that made me crazy even though I know I’m the one to blame for not having a secure enough password. I’ll detail how it happened and how I recovered it in this blog post.
I use Instagram a lot as it’s as personal to me as my Facebook account. In case you’re not following me yet, I love to post food pictures, headphones and things that I’m up to. Most of the things that I do online outside of my work-stuff are mostly personal so there really isn’t any business purpose or value for the account.
How it all unfolded
Everything started when I woke up one day and realized I have plenty of ‘request to follow’ notifications on my phone from my IG account which was weird since my account is public. I was gobsmacked when I found that the account logged-in became ‘janaehumbert99ft’ having a profile picture of a fat butt and a description that clearly baits perverts to follow the account and click the suspicious bio link.
I panicked immediately since my work Instagram account was also logged-in on the phone and I feared that it might get compromised too so I decided to just log out everything. My worst fears were realized when I found that the email address associated to my Instagram account had read emails about changing the account’s password and email address. This meant the hacker not only changed everything on my IG account through having access to my email, but possibly all other sites where it is the main email address (there’s a lot!).
Like any sane person would do, I changed the password of my email immediately and made sure it’s a tough one. I went back to my Instagram case and wrote them detailing everything through this page. At this point, I didn’t have any ideas as to what happened to my account. The way I explained was I thought my account was replaced with another account on my email address, then changed the email address, and then later on deleted my original Instagram account. So to summarize, my email did not have any IG account associated to it anymore since the hacker successfully was able to transfer it to a different email.
After some hours on the same day I was hacked, the new IG account named ‘janaehumbert99ft’ also disappeared which made me think the hacker might have renamed it to something else anew so it become untraceable for me. Another possibility that I thought of was Instagram disabling the account while investigating the issue.
Painful experience with Instagram Support
It was surprising that Instagram was slow and unhelpful at the beginning, oftentimes not understanding the issue at hand. It took 4 and a half days before I got a reply that made me think I’m not close to seeing the light at the end of the tunnel.
They made me write a code, my full name, email address and previous username on a piece of paper, then take a picture of that with me holding it. It sounded weird but I understood that it’s how they could really verify me and my claims.
Instagram support replied after a couple of hours saying my account has been reactivated again. Whew! Problem finally solved right? No!
I still couldn’t login, couldn’t reset password since the email was still not associated to any account and I couldn’t do anything! I emailed them back with that and they replied with almost just the same message which is ‘we have reactivated your account again, sorry about that’. But I still couldn’t login!!!
Much to my dismay I discovered that the account ‘janaehumbert99ft’ has been reactivated again and my friends started telling me that they’re seeing my photos under someone else’s account. Two things became clear to me then.
First was the ‘janaehumbert99ft’ account is really my previous Instagram account. It was just renamed but that’s my account. Remember at the beginning that I was under the impression my original account was swapped out and deleted but it didn’t seem to be the case.
Second was they simply reactivated the account using the same credentials, same email which I didn’t have access with! WTF!!! I got so pissed off because that only makes the hacker do more harm since the account has been reactivated again and more importantly, he can access it again. I was under his mercy basically as he can rename it, change the email and make it untraceable, or worse, start posting nude pictures or what have you and start alienating my followers! So stupid Instagram!
I sent successive replies explaining what I explained above but I did not get a reply on the same and the following day. I got a little worried that I might not be doing myself a favor as I might come across as annoying to whoever is handling my case.
I’ve decided to then just write a new report using the page I linked above. There I explained everything again carefully and made sure it didn’t become too long. It’s a little risky since I thought that could essentially restart my case again and then add up another week to it. Urgghh!
When I was explaining, I mentioned briefly that someone was already handling my case but I was not happy with how it’s being handled. I gave the supporter’s name so the new supporter can hopefully coordinate with him. I still summarized my case in my report and included my realizations that were not there the first time I reported the issue. I tried my best to keep everything not too long but still clear.
After more than 12 hours, a new support person from Instagram replied and much to my delight, it was the reply I was expecting to get from their previous support person. I finally got a link where I can change the password of the account and once I’m able to do that, I proceeded with changing the email back to one that I can access and then swapping back my own details like my username, description and website. Finally I changed the profile picture from the fat girl’s butt to my pretty face. I can’t believe I have my Instagram account back again!
What happened next was I unfollowed a lot of people since the hacker’s strategy seemed to be following lots of male accounts and then get them to follow back or click the suspicious bio link that could get them hacked. I got a minor boost in followers count which subsided down once they realized they’re following an account that was not what they thought it would be.
What to learn from this
There’s plenty to learn from this experience and all of them are unfortunately very basic which we just ignore until we become a victim. I changed all my passwords to a more secure one, enabled two-factor authentication whenever available, and made sure I’m aware what accounts are connected to what emails.
The funny but slightly annoying thing is I could’ve easily just gotten my account back had I not logged out of it on my phone. I could’ve gotten into the settings, changed my password, email and bio and I didn’t have to go through the whole draining process at all.
But if that happened, I’m pretty sure there’s a good chance I won’t change my passwords, make my email addresses more secure, you name them! I would then just be delaying the inevitable.
Not sure I can say right now the learning experience was worth it but hey, my accounts are more secure now, I have my IG back and that’s all that matters! 🙂