Could your selfies be held to ransom? Alleged Instagram account hacker arrested

Enable two-step verification wherever possible, folks.

Could your selfies be held to ransom? Alleged Instagram account hacker arrested

The incredibly cool-sounding Titan, the North West of England’s regional organised crime unit, have arrested a 16-year-old boy from Croxteth, Liverpool, on suspicion of hacking an Instagram account.

The Liverpool Echo quotes Detective Chief Superintendent Chris Green, the head of Titan:

“Our on-going enquiry centres on the alleged blackmailing of someone in another part of the country whose Instagram account, with many thousands of followers, was hacked and taken control of by someone else.”

Sign up to our free newsletter.
Security news, advice, and tips.

“The victim then received messages from the offender asking for a ransom to be paid in return for access to their Instagram account being given back.”

“Another allegation is possibly related is the hacking of someone’s online shopping account whereby goods were re-directed to another person’s address.”

Computer equipment has been seized by law enforcement officers and will be examined by digital forensics experts.

It’s clear to me that this is just more evidence that 2016 is becoming the year of online extortion – online attackers are recognising that there is money to be made through extortion, whether it be demanding a ransom to be paid for the safe return of data, the suspension of a DDoS attack against a website, or the recovery of a social media account.

Past victims of Instagram hackers have included artist Rachel Ryle, who had her account hijacked by a spammer and lost 35,000 followers and a sizeable sponsorship deal as a result.

Earlier this year it was reported that Instagram was beginning to roll out some form of two-factor authentication/two-step verification to better protect users’ accounts.

As Instagram’s parent company Facebook does provide two-step verification (in the form of Login Approvals) one would hope that the wind is blowing in the right direction…

However, I have not been able to confirm that the security feature is available to the Instagram masses yet. If you have more details on whether Instagram users can enable 2FA or 2SV yet, please leave a comment.

Update: Two-step verification is now available to all Instagram users. Turn it on!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.