[HACKED ACCOUNT] Real Experience, €230 Blackmail Payoff for 43k follower account

One of my friends had their account hacked on Friday (July 13th 2018) and I wanted to share the experience for those of you interested in account security.

My friend ended up paying off the blackmailer €230 in bitcoin and did in fact get her account restored. She has 44k followers and is somewhat of a travel influencer from Germany.

This is some of the correspondence from the blackmailer:

From: pumpam pumpam@protonmail.com
Date: 13 July 2018; 22:54:42 MESZ
Subject: Hack!
Reply-to: pumpam pumpam@protonmail.com

Hello!
Your Instagram account has been hacked.
The page at the moment we have, it is temporarily blocked (that you would not have been able to restore it)!
To find out information about the recovery of your account, write to us in answer this e - mail- pumpam@protonmail.com
Be sure to include your Instagram username.
Please don’t stay too long.Since, unfortunately, we will have to delete your account within 3 hours, without the possibility of recovery.
P.S.

~
You can exchange for bitcoins through this website:
https://www.coinmama.com/
or
https://paybis.com/

Directly to our wallet.
Here is my bitcoin (BTC) wallet number: 15PEpKuRnr9sL9h4LaBsgcREWn98RyTTN6
~

Another message later in the day:

We apologize for the brought not convenience! Since we have not received an answer, we are waiting for another 1 hour! If not, then unfortunately we clear account (Remove all photos, who you are subscribed to, mark, direct) and sell account!

My friend has not sent any of the details pertaining to the sender of the email (their IP address, etc.), but it seems unlikely that anything can be done about this in her instance.

If possible, be sure to use 2-factor authentication on any of your important accounts!!!

1 Like

That sucks. When your account starts to get large, I guess it’s ripe for the picking. 2fa is definitely a good idea.

2 Likes

Thanks for the heads up @notapplicable
This grinds my gears :rage:

What kind of pass was your friend using? I’m not into hacking but I’m thinking that they used brute force to hack an account or maybe wi-fi traffic interception. What do you guys think?

1 Like

Sorry for the obvious question, did she not have the original email or phone number for the account?

3 Likes

Brute-forcing would be tough in this day and age I would think? Wouldn’t Instagram limit your login attempts and block both the account and IP? I would assume it was phishing - that’s the easiest way to fool people who aren’t very tech-savvy.

1 Like

Was your friend’s account a business one ?

Phishing is the best way to “hack” nowaydays, I don’t see bruteforce working with IG.

1 Like

okay, bruteforcing was a bad example :slight_smile:

I am really curios to what has caused the hack. In hindsight it might be easy to recall what went wrong. @jas has a good point, but probably they changed the email and phone no. already.

1 Like

Thank you @notapplicable for your warning. As @jas already said, it is a bit weird why your friend paid, as she should have her original email what allows a restorage even after someone hacked an acc. As she received the email from @protonmail.com, she must have still access to her email…

So if this happens to you: dont pay (never ever - there is no guarantee that you even get your acc. back) and restore your acc. by your own:
https://help.instagram.com/149494825257596

4 Likes

Probably she just did a login into instagram through another APP or a similar Instagram client, and behind this there was this person that send her that email.
Thats scary though.

1 Like

She would of been notified that the username or email had changed and then simply reset it!

I guessing this was a pre-built purchased account…

It could have been a free offer (phishing) or the hackers had access to a compromised website db of accounts+emails+passwords, and used a bot to reuse those credentials on other websites like twitter, FB, instagram. most people reuse their own email + password on everything. Many also have duplicate accounts first.lastname@gmail.com first.lastname@yahoo.com, hotmail, mail.com, etc etc etc…

the hackers then probably changed the username and email address, once or multiple times, so the account could not be found. They may have also passed the real username to other accounts, a few times over, to make it harder to track.

Yes, we can contact IG support, but they take 12-48 hours to do anything. In that time frame a hacker can 1)block thousands of followers 2)delete all photos 3)start reposting 100s of very bad content (semi-nudes/disgusting/inappropriate stuff). By the time IG gives back the account, all they can say is “sorry that you lost most of your followers, but at least you get your account back…”

This is a good reason to offer backup services to clients. Backup all posts, all followers, and all followings…

2 Likes

To answer your questions:

  1. Her password prior to being hacked was 6 random lowercase letters (no punctuation, no capitalization, no numbers) - something like “lqnciz”

  2. She did have the original email connected with the account and did receive a notification that the login credentials had been changed, but by the time she clicked on it, it was already too late because everything had been changed (username, password, phone, and email). This was not a pre-built or purchased account - she’s had it for several years and created it herself.

  3. It seems likely that she was a victim of a phishing attempt (moreso than a brute force attempt) because she knows several other people that received the exact same message.

2 Likes

btw, I just saw this: IG is working on a non-sms 2 factor authentication

Source Tech Crunch: https://techcrunch.com/2018/07/17/instagram-2-factor/

Instagram-Two-Factor-InstructionsInstagram-Two-Factor-Instructions-Authenticator-App

There’re very simple ways to get back an account that has been hacked, even if they delete the content or whatever. Instagram takes that topic very seriously and is usually pretty fast and efficient when you ask them.

1 Like

Today a instagram hacker got arrested, for sim swapping bail 1M
They were also blackmailing users. It in the end, they get what they deserve

1 Like

Link?

13charmin

1 Like

If they have created the account themselves, it’s very easy to get their account back. Even if the other person switched the user name. You should generally save your IG ID, as this will help you find it when the username changes. Most people don’t know how to do this, so instead they should go back to posts that they had recently commented on or liked. This is an easy way to find your account. Or just ask a friend who you recently sent a message to what it now shows up as (this is actually the easiest one).

A few weeks ago I created an instagram account using my email. This email is used for facebook too so that guy couldn’t get access to this new instagram account that way. Also, password wasn’t so simple.

One day I see an email from instagram that the email from this new instagram account has been changed to another one. I clicked on the link, telling instagram I don’t recognize this change and instagram restored my account to my original email and I changed password too.

How did he get access? From time to time I get a new email from instagram telling me that someone tried to login.

I thought that when you wanted to change an email on an Instagram account - you must APPROVE this request via the original email account? Correct me if I’m wrong?