How hackers are extorting Instagram users and throwing away the key

Trend Micro research on the phishing of Instagram users underscores how hackers are exploiting the value of social-media brands.
(Perzonseo Webbyra / Flickr)

A hacking group has been phishing the owners of popular Instagram accounts, extorting the victims, and then keeping them from recovering the stolen accounts, according to new research that underscores how attackers are exploiting the value of social-media brands.

“We’ve seen cases where owners of Instagram profiles with followers between 15,000 and 70,000 were hacked and were never retrieved,” researchers from cybersecurity company Trend Micro wrote in a Thursday blog post. “The victims ranged from famous actors and singers to owners of startup businesses like photoshoot equipment rentals.”

As with many a breach, the attack starts with a phishing email. Trend Micro researchers got a hold of the hackers’ phishing kit to explore further.

The lure purports to be a message from Instagram asking users to get a “verified badge” and encourages them to submit login credentials. Once the hackers have access to the Instagram profile and the email associated with it, they can alter the information needed to recover the stolen account, the Trend Micro researchers said.


With a user’s Instagram footprint thoroughly compromised, the extortion attempts began. In one case, researchers said, a hacker threatened to delete the Instagram account or keep the stolen profile for good unless the victim sent nude photos or videos, or paid a ransom.

The Turkish-speaking group appears to have researched how to abuse Instagram’s account-recovery process on a hacking forum, according to Trend Micro.

The researchers said they contacted Facebook, which owns Instagram, and Instagram itself but have yet to hear back from the social media platforms.

There are software tools to block phishing, but people can also use their common sense as a defense. The researchers advised users to carefully check the domains from which they are getting emails and be on the lookout for unusual font sizes, bad grammar, and emails that ask for login credentials – something social-media platforms don’t do.

Like other major social media services, Instagram has had to grapple with efforts by hackers and propagandists to abuse its platform. In 2017, after hackers claimed to have compromised information on 6 million Instagram users, the company reportedly acquired web domains in an attempt to block access to the stolen data. Besides phishing attacks, SIM swapping is another way hackers acquire access to accounts.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts