Instagram is testing new features that could make it harder for hackers to steal accounts and hold them for ransom. Because hackers often changed the email, phone number, or username associated with an account, it could be incredibly hard if not impossible for the actual account owner to navigate the automated support system. Several months earlier, the same blog explained that Instagram suffered from an influencer-hacking problem.
First reported by Motherboard, victims had to pay more than $100 to retrieve their accounts, some of which had more than 50,000 followers before it was taken over.In other cases, hackers will leverage accounts with massive followers and sell off those accounts for as much as $100,000, The Atlantic reported. Instagram will also remove any other devices logged into your account, so a hacker who has access to your email will be unable to use the recovery code. The update comes nearly a year after Mashable first reported that a wave of weird hacks had hit Instagram users, leaving them little recourse to get their accounts back. "But we heard from the community that these measures aren't enough, and people are struggling to regain access to their accounts".
That doesn't mean hackers won't be able to steal your Instagram logins.
Victims have complained in the past that Instagram did not do much to help them retrieve their hacked accounts. On Monday, Instagram announced two new features to help victims retrieve their hacked accounts.
The trial is an in-app function where users submit contact information associated with the account, and then receive an access code.
With the newly announced changes, which are now being tested ahead of a wider rollout, Instagram will allow users to access its account recovery tools directly in the app, even if a hacker has changed their account information.
The process will work even if the attacker changed the account name, which is especially useful if you happen to own a sought-after handle that would sell for tens of thousands of dollars.
After asking for help, users will be asked to enter the email address or phone number linked to the account, or the ones used when they first signed up for the service.
For now, details on the wider availability of this in-app remains unclear, although the username lockdown has been made available to all Android users now which is being deployed to iOS users as well.