A Viral Instagram Hack Is Hijacking Accounts, Lockdown Your Data With These Steps

There is a rash of complaints on Twitter over a recent Instagram hack that has left numerous users unable to access their accounts. Preliminary data suggests that the shenanigans originate from Russia, though nothing has been confirmed. Instagram is investigation the issue, and in the meantime, it has some advice for users.

"If you received an email from us notifying you of a change in your email address, and you did not initiate this change— please click the link marked ‘revert this change’ in the email, and then change your password," Instagram advised in blog post.
Instagram also reiterated the importance of using a strong password, suggesting a combination of at least six numbers, letters, and punctuation marks. And of course it should be a unique password to Instagram, not a recycled one that is in use for other types of accounts across the web.

Affected users are finding themselves locked out of their accounts. In some cases, the culprit will change the Instagram account owner's profile picture, in several cases to an image from a Disney or Pixar movie. Less fortunate Instagram users found that their accounts have been deleted altogether.

It's not clear if this is the work of an individual, a group, or multiple individuals and groups. However, some of the hacked accounts had their email changed to one pointing to Russia's mail.ru email provider.

To protect yourself from this sort of thing, there are some additional precautions you can take. One of them is to enable two-factor authentication. At present, Instagram supports 2FA through text messaging, but is "working on additional two-factor functionality with more to share soon."

Users can revoke access to any suspicious third-party apps by heading into Settings > Authorized Applications. Beyond that, it is pretty much a waiting game until Instagram figures out exactly what is going on.