Instagram hack: hundreds of accounts taken over in mysterious Russian attack
A widespread hacking campaign that appears to stem from Russia is affecting hundreds of Instagram users, leaving people locked out of their accounts.
The hack sees Instagram account names, profile pictures, passwords and email addresses associated with accounts changed by the attackers, with the new email addresses originating from a Russian email provider.
Many of the affected accounts have had their profile pictures replaced with stills from popular films, including Pirates of the Caribbean and Despicable Me 3.
A spokesperson for Instagram was not immediately available for comment but the company tweeted an acknowledgement of the issue on Wednesday, 15 August.
"We are aware that some people are having difficulty accessing their Instagram accounts," the company tweeted. "If you think you have been impacted, please follow our guidance to regain access."
The Facebook-owned firm's official guidance for regaining access to a hacked account claim that Instagram users will be notified of any change of email address to their account via an email to the original address.
"Please click the link marked 'revert this change' in the email, and then change your password," the guidelines state. "We advise you pick a strong password. Use a combination of at least six numbers, letters and punctuation marks... It should be different from other passwords used elsewhere on the internet."
One Instagram user took to Twitter to complain about the security process, which they claimed was unable to restore their account.
"I'm concerned because my account has been taken over by the hacker – but I did not receive any email from Instagram whatsoever when my email was changed," one Twitter user wrote to Instagram.
"Can you help? Your guides are not helping me so far, but I'm glad you are aware of the problem."
Some security experts have speculated that the hacked accounts could be used as spam bots, with privacy advocate Paul Bischoff telling Threatpost: "Even if some victims regain control of their accounts, many of those affected have likely quit the platform or just won't go through the trouble, adding soldiers to the spambot army."