Instagram accounts with substantial followings can be lucrative social media properties—especially to hackers.
For more than a year, Instagram has been grappling with affected users’ complaints after hackers have hijacked accounts and extorted the original users or sold them off to the highest bidder.
First reported by Motherboard, victims had to pay more than $100 to retrieve their accounts, some of which had more than 50,000 followers before it was taken over. In other cases, hackers will leverage accounts with massive followers and sell off those accounts for as much as $100,000, The Atlantic reported.
These victims often can’t retrieve their profiles through traditional methods because the hackers will take measures like changing the account’s email address and phone numbers to prevent recoveries.
Now, Instagram is making it easier for users to recover their accounts—and harder for hackers to steal popular or coveted usernames.
With the newly announced changes, which are currently being tested ahead of a wider rollout, Instagram will allow users to access its account recovery tools directly in the app, even if a hacker has changed their account information. So when a person is unable to login to an account, Instagram will prompt users to enter information associated with your account like your email address or phone number. (Users can also access this via “need more help” in the app’s login screen.)
From there, Instagram will send a verification code you can use to access your account. Instagram will also remove any other devices logged into your account, so a hacker who has access to your email will be unable to use the recovery code.
This feature can streamline the account recovery process and make it more likely that you’ll get your username back, even after it’s been compromised. It’s an improvement to Instagram’s current process, which relies on its team members to verify account owners before granting access.
… The company has previously mostly relied on a system that involved having hacking victims take a selfie in which they held up a piece of paper with a code that Instagram sent them. The idea is that human moderators can match their face up with the photo and verify they are who they say they are, but the system doesn’t always work. This new test doesn’t appear to be replacing that system, but rather augmenting it.
“We know that losing access to your account can be a distressing experience. We have measures in place to stop accounts from being hacked in the first place, as well as measures to help people recover their accounts. But we heard from the community that these measures aren’t enough, and people are struggling to regain access to their accounts,” an Instagram spokesperson said in an emailed statement.
Though Instagram’s statement focused on solving the pain point for its users, the social media platform is probably also seeking to bolster its image and increase trust as it continues to struggle with hacking attempts and security breaches.
It’s not certain when the in-app recovery will be widely available, although the user name lockdown is available to all Android users now and deploying to iOS users. However, the goal of the new recovery process is clear — Instagram is hoping that you can eventually recover an account entirely within the app, rather than leaning on the security team.
The timing could be vital. Instagram account security has been a sore point as of late with word of exposed passwords and growing intrusion attempts. This won’t prevent account hijacks, but it could discourage perpetrators hoping to take advantage of vulnerabilities in the current recovery approach.
For brand managers who have helped build large and thriving communities on Instagram, the announcement might come as a relief, especially those that have Instagram handles that match their organization’s brand names.
Instagram’s move also highlights the growing necessity for technology companies and social media platforms to provide solutions that keep users safe from nefarious activity. In a similar manner, organizations that have had data breaches are increasingly expected to provide similar help.
What do you think of the new feature, PR Daily readers?