A School for Creativity, Consciousness & Clarity

Instagram Hackings – A Guide

The Broad Place has now had its Instagram account hacked twice, and reinstated twice. I have had so many conversations about Instagram hackings, and am by no means an expert but wanted to share what I could here, as we are now being asked so much about what to do. If you are hacked, I feel you. It’s not a great feeling, and can be truly frustrating. You will have no way of telling your followers what’s happening either. Please note, you will likely still have to google certain elements; this is not a ‘covers every detail’ guide. We are publishing this out of kindness to anyone who has been hacked, and will not be responding to ANY emails or messages in regards to hacked accounts – as all we know is within this post.

Before you even dive into this, if you have not been hacked yet but are worried about it, you should know that hackings are increasing exponentially. Some suggestions include:

  1. Put Two Step Authentication ON
  2. Ensure the email account associated with your Instagram is not associated with anything else; create something dedicated to this
  3. It would be a good idea to have placed a small number of Facebook ads as then you can track an ID number from that spend through to a case number eventually. We hadn’t done this and it made the process much harder.
  4. NO MATTER WHAT ensure you or anyone that has access to your account NEVER responds to emails from ‘Instagram’ asking for any personal information or claiming you are now certified for the blue tick. These are all phishing for your information. If you have any queries be inside your account and managing it live, NOT from clicking on Instagram emails that aren’t from Instagram!
  5. Ultimately let as few people as you can access your Instagram account.  

I will break this article down into:

  • initial thoughts
  • philosophy and thoughts
  • practical tips and processes

Firstly, The Broad Place is a small business, and the information here is mostly centered around business accounts. To have a business account it means you are paying for certain features on Instagram, as well as a level of insight into your followers. If you have a personal account I am unsure if this information is going to help you but perhaps there are some things within here that will help.

Secondly, the key thing to do is stay calm and truly don’t panic. If you are hacked, there is a chance you will get it back, and panicking is not going to make that happen any faster. Yes it is infuriatingly frustrating that Instagram have virtually no support whatsoever, especially for a paid service, but getting worked up about it will not help.

Thirdly, there are SO many ways in which your account might be hacked, and so there’s no straightforward way in which to approach it. So what worked for someone else might not work for you. It can be hard to work out exactly what is happening with your hacked account and therefore figure out your best path. Return to point 1, patience is key.

Fourth, getting your account back in truth can be a popularity contest, and the more people you know at Instagram and Facebook the better. If you don’t know anyone, honestly, best of luck, it’s a minefield. We ONLY had our account reinstated as we knew people who worked at both platforms. I cannot give out their details so please don’t ask. We were stuck in a weird virtual version of a wall with no doors or windows, unable to log into Facebook or Instagram to even lodge a claim. Don’t underestimate who you know, if you have a decent following you can try to connect with them through other accounts and ask for help. That is what helped us, I posted on my personal page and a bunch of amazing people I am so grateful for, came forward with contacts and suggestions. The one amazing thing about Instagram is the community it builds!

Lastly, more frequently extortion seems to be occurring, where hackers hold your page to ransom. I have heard too many horror stories of people paying and not getting it back, to recommend you pay anyone. I was also offered the details of a guy who would take $2500USD to use his contact at Facebook to escalate the case. I politely declined, and was thankfully in a position to, as I was in touch with someone at Facebook already.

PHILOSOPHY + THOUGHTS

I have loved being on Instagram for years now, having found it a remarkable way in which to share, connect, create, research, and let’s face it, laugh at memes. I have loved some of the meaningful friendships I have gained through Instagram. People I once never knew, moved over from the digital world into my real life world, and I will be forever grateful for that. Also as a way in which to document, share and be shared with, Instagram has astounded me! It’s a platform that has myriads of benefits.

Once COVID-19 began its waves around the world though, I noticed a big shift in how I was interacting with it, as well as in others I followed and our followers. It began to make me feel slightly more nervous and anxious, and I was setting up even more and more boundaries around how I engaged with it, which in hindsight was also a little exhausting. I took some breaks from it, but always felt drawn back in for numerous reasons.

The amount of time I was spending on Instagram was also slowly increasing. I had it capped at an hour a day, and often wasn’t on there daily, but since March, I had noticed our DM’s doubling and my time on it was increasing slowly. Even at an extra 15 minutes a day, I was looking at about 10 hours a week. Additionally there was the time in writing all the content for our Letters that wasn’t included within that, posting to Planoly and also taking photos (which in truth I spent hardly any time on at all, but still).

Once we got hacked again, I reclaimed this 10+ hours a week for writing, working on other projects and honestly just lying in the sun NOT looking at a small screen and it felt so incredibly excellent! I had been justifying the time as ‘work’ but also spent a lot of time blurring the lines with friends in my DM’s and forwarding stuff and also just noodling around in there. I had a very blunt chat with a friend who also pointed out it’s shaping our consciousness in ways we cannot even imagine. Every engagement we have even socially is subconsciously edited through the lens of ‘to post/not to post’ and not wanting to ‘humble brag’ or, actually, to simply, blatantly just gloat. Given I spend so much of my time engaging with things that expand my consciousness, Instagram was quite frankly doing the opposite, and contracting it. I could argue it was making my world bigger, but really, it was only happening through tiny digital squares and was making it smaller as it was taking away from my ability to engage with other things in my life. An hour a day on Instagram is more time, for example, than I spend meditating.

When hacked, I was astounded to hear so many businesses were also being hacked, and about how little support there was. It also made me REALLY consider our engagement with the platform moving forward. We have had @thebroadplace for 8 years, and to lose 8 years of archived photography, writing and communication as well as be unable to communicate to over 42,000 people that we had been hacked, made me question my commitment to the platform moving forward. As should you. It is no accident that Instagram continue to build in features for small and large businesses that mean they trim down on other mediums and focus on Instagram. The more time spent on Instagram for the business and the follower, the better it is for Instagram. However, it is a truly volatile platform with very little security put into place. Putting aside that you don’t own the intellectual property of ANYTHING you post on your page, you also can at the blink of an eye lose absolutely anything. So making this your primary source of communication is very risky. Diversifying with your website, email database and other channels is becoming increasingly important.

Some questions to ponder include:

– consider why you are engaging with Instagram truly in the first place?
– feel into what would life and your business look like without it
– ask continuously why do you post what you post, and are you simply monetising every facet of your life for a platform owned by Facebook? This is a HUGE question that has continually come up with fear from people I know when discussing Instagram and the monetization/blurred lines with product placement and ads that aren’t named as ads.
– really consider if you had a year left to live, are you okay with the amount of time you invest digitally?
– are you overly invested in one medium and what could be done about that?

How we engage with social media is always and will likely always be conflicted. However we can truly question our engagement and pave new paths moving forward. 

PRACTICAL TIPS

This is a Guide that was very kindly shared with us by our friends at Leif Products who also got hacked. There’s LOTS of helpful things in here. Please note none of this I was able to use with The Broad Place as we weren’t phished, but hacked potentially through a compromised Facebook attack.

LEIF’s HELPFUL GUIDE!

Step One

Before you do anything on Instagram, figure out where the hack may have come from.

If you don’t secure the original source where a potential phishing scam/security breach came from, then you run the risk of all your follow-up attempts to verify the account going straight into the hands of the hacker (as they now have access to your passwords and potentially emails).

For us it was this phishing scam email. It’s quite sophisticated as they copied the formatting of the official Instagram emails, so on first glance it may look real. Look at other emails from Instagram and check if the email address it’s from is the same. We had just reached 10K followers, so the timing felt like it was a genuine offer, we were working quickly and just clicked through. There are red flags now, e.g. mention of ‘famous people’ but hindsight is 20/20. When you click links in these types of emails, that is what the “phishing” element is, it enables the hacker to infiltrate your account and password.

Mark as Junk, block that sender, take a screenshot, and keep a file for your records. If you don’t know the source that’s ok, just move onto the next step.

Step Two – Passwords

Before you do anything further on Instagram, change your passwords for EVERYTHING. Particularly your email first as that is likely where a breach came from. Do not have the same passwords for your personal and work emails, social accounts like Facebook and Instagram, and anything connected to socials like Planoly, Klaviyo, Mailchimp, etc.

If you are a business and have an IT team/site administrator managing the company’s server, let them know immediately so they can help to restore passwords and bolster security (eventually they can help to block IP addresses but that’s optional).

Step Three – Instagram

Once your passwords are changed, time to report to Instagram and Facebook. There is no phone support or direct email available, all support has to go through the Instagram app’s ‘help’ functions and/or Facebook business support. Take screenshots of the profile as it is now, and then with any changes that are made in the coming hours/days. Keep a record of everything.

Instagram login help:

1. Click the drop-down arrow where the profile names appear when you normally switch between (you should still be logged into other IG profile/s if you have more than the one). If no other accounts are logged in, go straight to step #4.

2. At the bottom of those options, click Add account

3. Click Login to Existing Account

4. Click Forgotten password?

5. Enter the Username (handle) of your account (not email as that has been changed when you were hacked). If they do end up changing your handle, enter the new one, whatever is currently active, for login support with the next steps. Click Next.

Un-hack your IG account

If you don’t have two-factor authentication enabled: it will say ‘Email Link Sent. We sent an email to x*******@x******.com (hacker’s email) to get back into your account.’ Don’t freak out, it’s ok and the hacker will know you’re naturally trying to regain access. Take a screenshot for your records and press ok. Then click the bottom option: ‘Need more help?’

If you do have two-factor authentication enabled: It should come up with the option to send an email or a text. It will give you the option of sending an email to x*******@x******.com (hacker’s email) or +12 *** *** *34 (presumably hacker’s phone). Take a screenshot for your records and click the bottom option: ‘Need more help?’

Unlikely at this stage but if there is an option to send to two emails, either the hacker’s or yours, click yours but ONLY if you have changed your email passwords already! If at any point, your phone reappears as an option to authenticate, click that option to send the login link to. This only appeared for us once we had tried several times so do keep returning to this screen and trying again, alongside Facebook support and the IG request support form.

When you click ‘Need more help?’: It will lead you to a screen ‘Help Us Recover Your Account’. If only the hacker’s email appears, click ‘I can’t access this email or phone number’ to get to the Request Support page. Fill out all the relevant details with as much info as you can.

Screenshot and submit via the Request Support button at the bottom. It will thank you and tell you your request has been submitted and that they process all queries in the order they are received (chronologically). If when you click ‘need more help’ it takes you to an account assistance/info page, it means that they’ve received a recent enquiry from you already. You can quit the app and refresh and keep re-submitting but it is worth allowing some time in between as they simply have millions of users requesting help.

Step Four – Facebook

Go to Facebook Business Help Centre: https://www.facebook.com/business/help/support

(May only be an option if you have a business page with FB). Click ‘Chat’. It will lead you to this screen. Fill out all the details you can. If you don’t know your Ad Account ID you can find it on the Ads Manager page:

https://www.facebook.com/adsmanager/

Click start chat.

You’ll be put in touch with Facebook Concierge Support who are the front line of customer service. They’re not particularly empowered to do anything but help build your case to pass onto their ‘Internal team’. They will give you a Case ID and reference numbers for your info. This is where you provide lots of information and include all the screenshots of the hacked page.

They will then chat to you through FB messenger.

• Include any screenshots of your profile prior to the hack if you have them. Markup the photos to point out changes.

• Do their work for them to make it super easy to see how clearly it is hacked.

• Keep submitting them info and screenshots of any gradual changes (i.e. if they change your profile picture, handle, remove captions or links, add new photos, delete some etc).

• They will tell you someone will get back to you in a certain amount of time (for us they said 24-48 hours at the least, which they didn’t end up doing, but the support team were pretty helpful in expressing sympathy and adding new information to our Case ID file for their developer team to review).

Step Five – Get back in

Repeat step three – try to login on IG, click ‘forgot password?’ and ‘need more help’.

After repeatedly doing this for two days, alongside talking to Facebook support, when I did this for the 100th time, suddenly our original email appeared AS WELL AS the hacker’s email, when previously only the hacker’s was an option to send the security code to. Because I knew we had changed our email and server passwords I knew it was now safe.

• Clicked our email option, then ‘Send Security Code’

• Found that email and entered security code in as fast as I could

• Then it gave me an option to double-authenticate from my mobile, so I entered that and authenticated.

• All of a sudden, we were back in! 🎉

• It brought me to the account recovery page where I could change the name and username (@handle) back to our original one (they had changed the handle to a silly name). I did name and handle first, left the website and caption for later as I wanted to set up two-factor authentication as fast as I could.

When you get your account back:

• From your own profile page, click top right corner where there are three lines (the three dots option appears when you view other people’s accounts, three lines are when you’re logged into your own). Click ‘Settings’ > Click ‘Security’ > click Two-factor authentication

• Set up two-factor authentication

• Contact Facebook and Instagram via the aforementioned methods to let them know you have got back in, and request that they permanently block and delete the hacker email from accessing your account again. This may take a while.

• Let your followers know you were hacked and are now back

• Make it a habit not to email passwords to team members, etc.

Other info:

There are the three dots on the top right corner of Instagram that some people use on both an account level and an individual photo level.

• Best not to report the overall account as spam as you’re trying to regain access rather than get the account deleted.

• If they have posted new photos on your account, you can click the report option via the three dots on the top-right corner (note, once reported as spam, Instagram will hide this reported photo/story from you) so make sure you screenshot beforehand.

• Tell friends not to engage with the hackers via stories or messages etc. Engagement will only put it in front of more people.

• Personally, I think it’s best to not try and contact the hackers directly, even if they’re threatening you or deleting content to get your attention. Try and go through support first and allow time for the process.

• Stay calm and stay safe.

This approach may not work for everyone, but I hope it helps.

GOOD LUCK!