Instagram is testing new features that could make it harder for hackers to steal accounts and hold them for ransom. Hackers have been targeting high-profile Instagram accounts owned by influencers, and threatening to delete them unless victims pay up.
First reported by Motherboard, victims had to pay more than $100 to retrieve their accounts, some of which had more than 50,000 followers before it was taken over.In other cases, hackers will leverage accounts with massive followers and sell off those accounts for as much as $100,000, The Atlantic reported.
These victims often can't retrieve their profiles through traditional methods because the hackers will take measures like changing the account's email address and phone numbers to prevent recoveries.
"We know that losing access to your account can be a distressing experience. We have measures in place to stop accounts from being hacked in the first place, as well as measures to help people recover their accounts," Instagram said in a statement. "But we heard from the community that these measures aren't enough, and people are struggling to regain access to their accounts."
Last August, Instagram acknowledged "people are having difficulties accessing their Instagram accounts," telling people to enable two-factor authentication and using stronger passwords. Instagram accounts can be hacked in many ways: whether it's through a phishing link, or if the victim uses the same login and password for another service that suffered a data breach.
Victims have complained in the past that Instagram did not do much to help them retrieve their hacked accounts. On Monday, Instagram announced two new features to help victims retrieve their hacked accounts.
Now, if Instagram detects you're having trouble logging on or if you click on "Need more help" on the login page, the app will ask people to enter information like the email and phone number tied to your account.
If hackers changed that contact information, you can ask Instagram to send a six-digit recovery code to the email or phone number you originally used to sign up for the app. Instagram said that it would remove all additional devices from the account after using this verification method, so hackers on other devices would be kicked off and unable to get back on.
Once you've recovered your stolen account, you can choose what email address and phone number you want associated with your profile.
Instagram also announced a separate feature that was already available to all Android users and will be rolling out on iOS, aimed at stopping name-squatters.
Instagram accounts with popular handles are often targeted for hacks, as attackers can grab them and sell them off for high prices. Now, when someone changes their username, it'll be locked for a period of time before someone can take it.
This feature was quietly rolled out and first discovered by app researcher Jane Manchun Wong in March.