Over the years, hackers have tried a number of things to steal my handle and I can usually tell how they get in. These days, I have no idea. I've been SIM swapped a handful of times. One time a hacker faxed a fake ID to GoDaddy to try and swap out my domain to gain control of my email (they were successful).
Now, I will try to log in to my account and will just be locked out. The email I created specifically for Instagram is not recognized, and there is no way to reset my password.
I have two-factor auth on, I don't use the same password anywhere else, I change it regularly, etc.
My current theory is there is some employee at Meta that's ultimately stealing the account. Does anybody have any idea how they're hacking me?
PS: the worst part about all this is that in order to get the handle back, I have to pull strings with folks I know at Meta. For a normal user, they would have absolutely no way of regaining access...
[Update] Just got the account back and still have no idea how my email was removed from the account...
[Update 2] Reviewing the security section I see a password reset email was sent to [username]@instagramz.com. No clue how or who changed the account email to that though.
In the old days, I remember people going after short domains in the same manner. ICANN ended up adding locking (auth codes) - perhaps IG and other social sites can learn from it.
Be safe!
https://www.nytimes.com/2021/02/04/style/instagram-account-f...
You’ll be amazed how much googling I do when having conversations with friends - I wasn’t born in the West and things like movie references leave me confused af! But I hide it… thank goodness for urban dictionary
https://gimletmedia.com/shows/reply-all/v4he6k
tl;dr There's underground marketplaces where shady people buy and sell OG usernames for money, which creates an incentive for shady people to steal them from the original owners.
Good luck defending your handle!
The strange thing is when I try to appeal I get this page.
"Security check To confirm your identity, we will text a confirmation code to your phone."
I select my phone number, and receive the right SMS, but it says
"Error Sending SMS Could not send confirmation SMS. Please check the phone number and try again."
So I cannot actually enter the code.
I also have 2FA enabled and this doesn't seem to have been breached.
On devices that are still logged in I see them telling me I have posted something that is in typical photos grid format, but they don't show me what the photos were. When I press the button to request review, it does nothing.
<https://savolai.net/uncategorized-en/banned-from-facebook-an...>
There was another user here the other day who had their heavy metal community page hacked, and Facebook's advice page was to "politely ask the new owner to let them back in" [1].
Absolutely ridiculous.
This happens all the time, there is no recourse. Instagram employees are constantly taking usernames for themselves.
So they frustrate users long enough to eventually give up on constantly reclaiming the account, then they get it for themselves to sell or whatever.
[1] Ok, this is a little unfair. They do have customer service, but what they don't have is product service, and this guy is just part of the product, not a customer.
I never even figured out why the "Royals" wanted specifically @sussexroyal or whatever it was so badly. The Royals can't even be like the rest of us and pick a handle that is available, they have to be like "well no we deserve this one even though someone has it already"
This was my first thought given the e-mail address change. Someone e.g. bribing a support person.
My (uninformed) guess would be that given that you got the account back, this probably got escalated, someone looked at it, fixed it, and hopefully got the criminal support person's access disabled, until the next one gets bribed...
You will be forever fucked, as big as Meta/Facebook/Instagram's exploit attack surface is. Microsoft/Office/Xbox is in a similar position as well.
early lucky adopters not employees will always have their accounts poached constantly on every common platform. eventually those who have the names paid for the 'rights,' or defend it communally.
yes, communally - it is a literal racket of cybergangsters on every platform leveraging anything from social engineering your doxxed naive grandma into reading a private key to 0-daying your teamviewer to install a common keylogger.
bribing csr's is extremely common, as is sim-swapping (bribing att/verizon csr's), and there are a myriad of attack vectors in between
but of course 94% are just script kiddies using a "turbo"/api-spammer to take the username between other 3rd party transactions. it's a parasitic economy of bottom-feeders and iGangsters.
I’ve tried to contact Meta/Instagram about 50 times and not once has anyone emailed me back
How is it this hard to get support? It’s a personal account and I still have it so I don’t really care that much but there must be a way to get a hold of someone isn’t there!?
Her Instagram Handle Was ‘Metaverse.’ Last Month, It Vanished.
If you're only using this via the app from a mobile device, then malware is an unlikely explanation though.
(Why are you regularly changing the password anyway? What's the threat model you're trying to guard against?)
ha....someone stole this domain or hijacked/spoofed an email chain in the password reset api. you should be honored.
>Last updated from Registry RDAP DB: 2021-12-28 06:35:41 UTC
it of course still resolves to instagram.
Now, my account gets taken without any noticeable trace on my end. No security emails, no suspicious login attempts, nada...
NSA employees do it, why would Meta employees be better than the average?