18-year-old Blaze Angel Roberts is a talented surfer.
So good, in fact, that the Sydney-based surfing star has managed to collect 40,000 followers on her Instagram account.
Unfortunately, her popularity also seems to have drawn the unwanted attention of hackers, who successfully tricked her into clicking on a phishing link, and handing over the password to her email account.
Roberts told Nine Network’s “A Current Affair” TV show that the hackers used the compromised email account as a springboard to hijack her Instagram account:
When Ms Roberts regained access to her email, she found photos of the hackers in her sent messages.
When an account has been hacked, Instagram asks users to verify their identity by sending their security team a photo of themselves holding a piece of paper with a handwritten code that they have provided.
In Ms Roberts' outbox she could see the hackers following this process. One photo shows a bearded man in a grey t-shirt, the other a strawberry blonde female.
“For some reason Instagram didn’t think it was concerning that three people had sent them different photos,” Ms Roberts told A Current Affair.
Attempts by the young surfer to regain control of her Instagram account have so far fallen on deaf ears at Instagram:
“I kept messaging Instagram with screenshots and photos to try and send them the proof and they kept saying they didn’t have enough proof and they didn’t know what I was talking about.”
We’ve spoken before about the problems hacked Instagram users have faced in their attempts to regain control of their Instagram accounts.
All too often it seems Instagram is unable or unwilling to assist, and hacked users find that their only remaining option is to set up a new Instagram account from scratch. That’s what Blaze Angel Roberts has done, effectively waving goodbye to the 40,000 followers she has earned in recent years.
Hopefully the publicity generated by her case will help some of those fans find her new account.
Why did the hackers target a popular Instagram account? They probably wanted to exploit its large following – maybe they had plans to scam followers into handing over personal information, or perhaps they had plans to hold it for ransom.
Certainly the posting of sexually explicit images is the kind of thing which a social media influencer would be keen to stop quickly before they lost followers and damaged relationships with any potential sponsors.
What’s clear is that all of us, whether social media influencers or not, need to ensure we are doing everything we can to reduce the chances of having our accounts hacked.
That includes using different, strong, unique passwords for every online account, and enabling two-factor authentication where available.
If Blaze Angel Roberts’s email account was hacked en route to the Instagram takeover, one wonders what other online accounts of hers could have potentially been compromised, or what information the hackers might have been able to access from her email archive.
Oh, and Instagram – maybe you can put a little more thought into strengthening your account recovery process to make sure that you’re not the ones handing over the keys to an account to hackers?
As we discussed on a past episode of the “Smashing Security” podcast, enabling two-factor authentication and using a password manager can help prevent your accounts from being phished.
Smashing Security #103: 'An Instagram nightmare, crazy iPhone deaths, and election hack claims'
Read more about two-factor authentication and two-step verification:
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.