Could your selfies be held to ransom? Alleged Instagram account hacker arrested

Graham Cluley

Could your selfies be held to ransom? Alleged Instagram account hacker arrested

Could your selfies be held to ransom? Alleged Instagram account hacker arrested

The incredibly cool-sounding Titan, the North West of England’s regional organised crime unit, have arrested a 16-year-old boy from Croxteth, Liverpool, on suspicion of hacking an Instagram account.

The Liverpool Echo quotes Detective Chief Superintendent Chris Green, the head of Titan:

“Our on-going enquiry centres on the alleged blackmailing of someone in another part of the country whose Instagram account, with many thousands of followers, was hacked and taken control of by someone else.”

“The victim then received messages from the offender asking for a ransom to be paid in return for access to their Instagram account being given back.”

“Another allegation is possibly related is the hacking of someone’s online shopping account whereby goods were re-directed to another person’s address.”

Computer equipment has been seized by law enforcement officers and will be examined by digital forensics experts.

It’s clear to me that this is just more evidence that 2016 is becoming the year of online extortion – online attackers are recognising that there is money to be made through extortion, whether it be demanding a ransom to be paid for the safe return of data, the suspension of a DDoS attack against a website, or the recovery of a social media account.

Past victims of Instagram hackers have included artist Rachel Ryle, who had her account hijacked by a spammer and lost 35,000 followers and a sizeable sponsorship deal as a result.

Earlier this year it was reported that Instagram was beginning to roll out some form of two-factor authentication/two-step verification to better protect users’ accounts.

As Instagram’s parent company Facebook does provide two-step verification (in the form of Login Approvals) one would hope that the wind is blowing in the right direction…

However, I have not been able to confirm that the security feature is available to the Instagram masses yet. If you have more details on whether Instagram users can enable 2FA or 2SV yet, please leave a comment.

Update: Two-step verification is now available to all Instagram users. Turn it on!

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES