Instagram Removes Hundreds of Stolen Accounts as Hacks Escalate

Instagram is disabling hundreds of accounts associated with a hacker group that used exploitative tactics to steal and resell them.

Members of the group, known as OGUsers, are receiving cease and desist letters from Instagram’s parent, Facebook Inc., which is also coordinating with law enforcement.

The group was particularly focused on obtaining rare usernames with handles of fewer than five letters, such as @h4ck or @sick, that would be valuable for resale in a secondary market for Instagram accounts. Facebook estimates that OGUsers, which has operated since 2017, is responsible for millions of dollars worth of such transactions. The accounts can fetch thousands or tens of thousands of dollars each, Facebook said.

The announcement Thursday is the first time the company is publicizing the takedown of a large number of resold and hacked Instagram accounts. The security team is concerned that OGUsers, and other groups like it, have become more active and used increasingly threatening tactics to get what they’re seeking. By revealing the hacking process, Facebook said it hopes to make the accounts less desirable to buy.

Such accounts are commonly obtained through phishing attacks, in which hackers send emails disguised as coming from Instagram to get a password, or SIM swapping, which involves mimicking someone’s phone number to override their authentication. But more recently Facebook has observed online and offline harassment, as well as extortion using hacked nude photographs in order to obtain the valuable accounts.

Facebook has also seen Instagram users who own valuable accounts “swatted.” If a target account doesn’t respond to other hacking efforts, the scammer calls the police and reports a bomb threat or active shooter at the account user’s home, so that a SWAT team arrives unexpectedly. Facebook employees have been victims of such attacks, and so declined to have their names associated with the OGUsers takedown.

As Instagram accounts become commercialized, those with high followings, verification badges or desirable usernames become more valuable for resale. The practice is against Instagram’s terms of service, but is difficult for the company to track. Instagram says it attempts to restore accounts to their original owners, but has trouble verifying who an original owner is, especially since hackers often make convincing claims on accounts they don’t own.

The company will prioritize protecting the most vulnerable accounts against future attacks by getting them to sign up for a new Facebook Protect program, previously only available to government officials. The program asks users to enable tougher password security and monitors them for threats.

©2021 Bloomberg L.P.
