Breach, Compliance Management, Threat Management, Data Security, Malware

Instagram users report hack, note recovery emails changed to .ru addresses

Hundreds of Instagram users have reported that their accounts were hacked this month with some indicators that Russian attackers may be behind the attacks.

Talkwalker, a data analytics platform, said 899 accounts have referenced Instagram hacks in the last week, according to a report by Mashable. The report noted that users found themselves logged out of their accounts and when they tried to reset their passwords they discovered that their recovery email addresses had been set to .ru accounts.

“My account was hacked! Everything was reset so I can't reset password. It might have been disabled. Received an email to reset password but it goes to an error page. Cmon Instagram! Don't leave us hanging like that! I want my account back!” Ana Dias Oceguera posted to Instagram's Twitter account.

Her voice joined the chorus of users trying to reach Instagram for assistance via social media.

“We work hard to provide the Instagram community with a safe and secure experience," Mashable quoted an Instagram spokesperson as saying in a statement. "When we become aware of an account that has been compromised, we shut off access to the account and the people who've been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts.”

But users like Chris Woznicki said the process was of no use. "When I reported it, they sent an automated email which told me to log in and change the password," Woznicki said in the Mashable report. "However at this point, it was impossible to do that."

Paul Bischoff, privacy advocate at, said currently “there's not much to go on” and noted, “Instagram has not stated how or why these attacks occurred.”

While contending hackers possibly breached Instagram to take over the accounts, Bischoff said it was “more likely that the victims' login credentials were stolen by malware or compromised in a phishing attempt.”

Whether the victims use Android or iOS devices, would help “to pinpoint the cause,” he said, maintaining that the hacked accounts likely “were intended to be used as spam bots.”

But even if some victims can “regain control of their accounts, many of those affected have likely quit the platform or just won't go through the trouble, adding soldiers to the spam bot army,” Bischoff said.

“Although one user claims his account was taken over despite having two-factor authentication enabled, I would recommend all Instagram users enable it anyway,” he said. “Two-factor authentication can go a long way in protecting your data and information, not just on Instagram, but on any online account where it is available.”

Lee Munson, security researcher at, called 2FA “a very good secondary line of defense,” but said “it is not infallible” and typically “can be circumvented via phishing – either tricking someone into revealing the 2FA identifier or, far more likely, my getting them to login to a fake version of the site they were intending to visit.”

The use of Russian email addresses “may well signify that the attacker is a resident of that country, but it is certainly not a foregone conclusion – email addresses are easily spoofed, either to conceal identity or to encourage finger pointing toward the wrong place,” said Munson, who suggests users not only use two-factor authentication but also take care “to only access the site through the app (only downloaded from an official app store) or by typing the URL directly into their browser.”

Having a unique code sent to a phone “or leveraging a constantly changing pin code via an app” ensures that a hacker who's lifted a password “will have difficulty getting into your account,” said Travis Smith, principal security researcher at Tripwire, who suggested using “strong and unique passwords for each account” to “minimize the chance that an attacker will re-use passwords from other breaches on accounts you've protected more heavily in the form of two-factor authentication.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.