How my Instagram account got hacked
Every so often I receive an unsolicited friend request on social media from an attractive woman doing a suggestive pose in her profile picture.
I’m not just showing off that I get the occasional friend request from an attractive lady. The person in the profile picture of these accounts probably looks nothing like the person requesting to follow or befriend me.
Quite often these are hijacked accounts used by a cybercriminal to exploit your sexual desires.
I’m going to share a deep dark secret with you
In April 2012, Instagram was launched on Android devices. When the popularity of the Android app grew, I signed up to an account and uploaded a single picture to see what the fuss was about. I then removed the app and didn’t sign into the app again until 2015.
When I signed in, I could see that my account had been following thousands of people unknown to me.
Yes, that’s right ladies and gentlemen, I may have once been an attractive woman doing a suggestive pose to lure people into following me back or clicking on a link. Well, perhaps my hacked Instagram account could have been.
I had a million and one questions running through my head as to how this could happen. In 2015 my career in IT Security was budding, and to save myself the embarrassment of having a hacked account, I immediately changed my password and unfollowed all unknown accounts.
4 years on, I think I know what happened
In the news every so often, we see a company suffering a data breach. These data breaches may include things like passwords and email addresses. Between 2012, when Instagram was launched, and 2015, when I logged back into my account, there were a number of breaches of note, including Yahoo, Adobe, eBay, JP Morgan, LinkedIn and Target.
It’s very likely that whoever logged into my dormant Instagram account was using a method that is referred to as credential stuffing.