Monday, May 22, 2022. After all of these years on a computer, I finally had an account hacked. I’ve been cautious with my social media accounts, but sometimes the account of a follower that we trust gets hacked, and the account is then used to hack others. With hindsight, what should have been a red flags becomes very clear. I’m admitting my foolish error and writing this just in hopes of preventing those who read it from screwing up like I did last Friday afternoon. My goal is for all to understand how quickly an account can be hacked and stolen, and apparently how little Big Tech seems to care.
Last Friday afternoon at approximately 3:15 PM I took a break in writing, and checked my ‘thewriteboat’ Instagram account. There was a message that appeared to be from a longtime follower. The person, an outstanding photographer, asked if I would vote for her on becoming an Instagram influencer. Though I’d never been asked to vote for an Instagram influencer, the request set off no alarms. When I agreed, she (I italicize she because I feel sure my follower was not the actual sender) said that she would have a voter form emailed to me. At 3:21 PM, I received an email link like none I’d ever received from Instagram. As I was looking at the email, she messaged me again to see if I’d received the voter form. I replied, that I’d received an email from Instagram, but it appeared to be a link to sign into my account, which made no sense, and nothing indicated a voter form. She – the apparent hacker – asked me to send a screen shot of what I’d received. If the request had come from a complete stranger, I would have sent nothing, would have blocked them and move on with my day. But, I’d never had a reason not to trust the person that I thought was the sender, so I sent the screen shot by way of message, and then signed out and waited to receive an influencer voter form by email. Sending that screen shot was a huge mistake.
At 3:47 PM, I received an email from Instagram,
We noticed a new login, thewriteboat
We noticed a login from a device you don’t usually use.
Apple iPhone · Instagram · Baltimore, MD, United States
May 20 at 12:47 PM (PDT) (3:47 PM EDST)
If this was you, you can safely disregard this email. If this wasn’t you, you can secure your account here.
As soon as I read the message, I clicked onto “You can secure your account here.” WRONG!!! Before I could login to secure the account, it was history. The next email that I received from Instagram read,
Hi, thewriteboat (Time of message 3:48 PM )
You turned on two-factor authentication for your Instagram account. This means we’ll ask you for a security code from your authentication app (I don’t have an authentication app) when we need to confirm that it’s you logging in.
You can turn two-factor authentication off anytime through the account settings menu.
Thanks, The Instagram Team
The next email from Instagram, at 3:49 PM (EDST) read,
The email on your Instagram account was changed from XXXXXXX@gmail.com at 12:48 (PDT) on Friday, May 20 2022. Your new email is XXXXXXXX@XX.XX. If you didn’t change your email address, you can secure your account here.
WRONG AGAIN!!! Too late! From 3:47 PM (EDST) to 3:49 PM (EDST) the hacker had gone into my account, turned on two-factor authentication, and then changed the email address. It was locked down with zero chance of me getting it back without the help of Instagram.
As of 4:23 PM today, May 23, 2022, Instagram has been totally “crickets” on helping me get back an account on which I first posted on January 27, 2014. What also frustrates me is the fact that once your account is hacked and stolen, you have no access to your followers to warn them about possible scams carried out from your account.
Lessons have been learned from this experience, but the biggest is the reminder that Instagram is “Big Tech,” and that if someone on Instagram responds to a political comment or disinformation on the platform, they’re immediately notified that their response comment “may not be acceptable” (paraphrased). Apparently, logarithms determine what’s acceptable to Instagram 24/7, even if the comment is factual. BUT, if you’re a hacker that steals an account in order to scam others, the rightful owner of the account is going to be waiting until Instagram finally decides in silence if they are going to help reclaim the account. I’m concerned that may be never, hence my call today to the South Carolina Attorney General’s office.
If any Big Techies read this, I would strongly encourage NOT ALLOWING an account to turn on two-factor authentication for at least 12, if not 24 hours after a suspicious device has accessed the account, and not allow an email address change for that same period of time. My account was stolen lock, stock, and barrel in less than 45-minutes. If a 12 or 24 hour time frame had been in place on Friday, I could have prevented a hacker from succeeding in stealing my account.
Hopefully anyone reading this will not make my foolish mistake.
I will post updates on this issue if Instagram decides to respond and hopefully return the account to me. One thing is for sure, the hacker cannot tell Instagram the history of every post in that account, and I certainly can.
Oh Captain My Captain