Could your selfies be held to ransom? Alleged Instagram account hacker arrested

Enable two-step verification wherever possible, folks.

Could your selfies be held to ransom? Alleged Instagram account hacker arrested

The incredibly cool-sounding Titan, the North West of England’s regional organised crime unit, have arrested a 16-year-old boy from Croxteth, Liverpool, on suspicion of hacking an Instagram account.

The Liverpool Echo quotes Detective Chief Superintendent Chris Green, the head of Titan:

Our on-going enquiry centres on the alleged blackmailing of someone in another part of the country whose Instagram account, with many thousands of followers, was hacked and taken control of by someone else.”

The victim then received messages from the offender asking for a ransom to be paid in return for access to their Instagram account being given back.”

Another allegation is possibly related is the hacking of someone’s online shopping account whereby goods were re-directed to another person’s address.”

Computer equipment has been seized by law enforcement officers and will be examined by digital forensics experts.

It’s clear to me that this is just more evidence that 2016 is becoming the year of online extortion - online attackers are recognising that there is money to be made through extortion, whether it be demanding a ransom to be paid for the safe return of data, the suspension of a DDoS attack against a website, or the recovery of a social media account.

Past victims of Instagram hackers have included artist Rachel Ryle, who had her account hijacked by a spammer and lost 35,000 followers and a sizeable sponsorship deal as a result.

Earlier this year it was reported that Instagram was beginning to roll out some form of two-factor authentication/two-step verification to better protect users’ accounts.

As Instagram’s parent company Facebook does provide two-step verification (in the form of Login Approvals) one would hope that the wind is blowing in the right direction…

However, I have not been able to confirm that the security feature is available to the Instagram masses yet. If you have more details on whether Instagram users can enable 2FA or 2SV yet, please leave a comment.

Update: Two-step verification is now available to all Instagram users. Turn it on!


Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.