I thought I had received bad emails before. Turns out, they can get worse and last week on September 27th, 2018, my online world fell to pieces.
There are a couple of things that happen when disaster strikes and in the past 5 days, I’ve experienced all of them. From sheer panic to uncontrollable crying to acquiring a master’s degree in internet espionage – I have done it all.
10 years of fond memories, silly moments, family gatherings, moments of growth, and so much more were gone in minutes. I was devastated.
On September 27th, hours before I was planned to board a flight home from Hawaii, I received the email below:
Here’s the funny thing: I felt like this was a fake email right from the start! In fact, I don’t even recall clicking on it. But this is most likely how they gained access to my Instagram account. After this email, things went downhill very quickly and it was apparent that the hackers had made a plan. I boarded my plane for home around 11:30 PM MST and within minutes, these 3 emails showed up in my email one after the other:
The hackers had logged into my Instagram account and changed my email and phone number. It was impossible for me to recover my account through normal channels. Then I received this email:
I panicked because I had been on a plane for 7 hours and they said they were going to delete my account after 3 hours. The good news? There is a lot of great information available on the Internet in the event your account gets hacked! If you believe your account has been hacked, the first thing you should do is report the hack to Instagram and wait for Instagram to send you an email with the steps to recover your account.
The bad news? Instagram does NOT offer a lot of help or customer service. It’s a bit of a joke. Every other platform has published phone numbers and emails, but Instagram really doesn’t have anything like that so you’re left waiting until they contact you.
Everything! As you can see, I took screenshots of everything and included this in my emails to Instagram. I was very thorough and explained everything that had happened from the time I boarded my plane.
And then I waited.
If you’re like me, this break gives you a lot of time to get up to no good so I decided to try and negotiate with the terrorists who were holding my account hostage. I channeled my best Liam Neeson from ‘Taken’ and was prepared to tell them, “I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you.”
But these types of threats only work when you actually have the set of skills you’re threatening…so instead, I went with the upfront approach:
Don’t Pay The Ransom
$400 isn’t an inconceivable amount of money to pay but I’ve read in many blog posts that I shouldn’t pay and almost every account has, at some point, been recovered through the normal Instagram recovery process. But I was freaking out about how much of my information the hackers actually had access to. If you see above, I told them I was on a plane and they commented that they knew I was already off the plane! I immediately reset all of my passwords and I made sure that every single one was different.
I also created a second account on Instagram and after a reminder from a helpful follower, made an account under the name of my original account so no one took it! In the meantime, Instagram/Facebook sent me this email:
I’ve read that most people get asked to send in a photo with a written code that Instagram sends but I was not instructed to do this.
Note To Self: Don’t Panic
After I sent in my response, I started emailing them every 30-60 minutes while also asking for help on Instagram. I googled “hacked Instagram account” 5 million times and searched high and low for any contact point I could find!
One thing I have to mention is the community on Instagram. Honestly, the amount of support I’ve gotten through that platform from friends and followers has been incredible. I had offers from wives whose husbands worked for the FBI, offers of help from friends of friends of friends who work for Instagram and Facebook corporate, and just so many words of encouragement and understanding.
In total, I sent 42 emails that day, innumerable DMs and texts, and reached out to as many people as I possibly could. Everything I read said that you just have to be consistent and hound Instagram.
While there is no magic way to get your account back, and I’m still not positive which one of these tactics helped get mine reinstated so quickly, there are a few ways you can keep your account protected and some tried and true steps you SHOULD take in case your account is compromised:
WHAT STEPS TO TAKE IF YOUR INSTAGRAM ACCOUNT HAS BEEN HACKED
The best way to prevent this from ever happening is to properly protect your account in the first place!
- Keep your passwords in a safe place
- Choose difficult passwords with more than 21 characters and different combinations of letters, numbers, and symbols
- Vary your passwords for each account
- Turn on two-factor authentication within the Instagram app
I don’t tell you this last bit to scare you, but to urge you to take your account protection one step further. SMS-based two-factor authentication (2FA) can still leave you vulnerable to an attack known as SIM swapping, in which hackers socially engineer cellular carrier employees to switch a cellphone’s number to a new SIM. This enables attackers to access the SMS texts used in 2FA authentication and gain access to the account. This is what most likely happened to me since I already had two-factor authentication switched on.
If you are really serious about safeguarding your account, I recommend using app-based authentication to sure your account. Instagram announced in August an improvement on its SMS-based 2FA with enhanced security with support for mobile app-based authentication.
What does that mean?
It means you’ll have an outside app that will authorize you across all of your social platforms and provide one more layer of protection between you and any potential hackers!
Here’s how to set up your Instagram account to use a third-party authenticator app:
- Go to your profile.
- Tap the Menu icon.
- If you’ve already installed an authentication app, Instagram will automatically find it and send it a login code. In that case…
- Go to the app, retrieve the code, and enter it on Instagram. That will automatically turn on 2FA.
- If you haven’t already installed an authentication app, Instagram will shuffle you on over to Apple’s App Store or Google Play to download the app of your choosing. Once you’ve installed your chosen authenticator, return to Instagram to continue setting up 2FA.
If you do not have the option to select an Authentication App it may not be available on your device yet. Keep you two-factor on and sent to your phone through text until this option becomes available! If you want to read more about Instagram’s new security roll-out click HERE.
Here are some of the top recommended third-party authentication apps:
As I mentioned in my Instagram stories, I did receive a call from someone at Facebook who questioned me about my account. So many of you are asking how I got my account back and if I have any contact information that I can share, but I have no idea how this employee received my information. I had so many friends and followers that reached out to me on Instagram and offered assistance. I would pass along this individual’s contact information if I could but I didn’t even get their name. No promises were made about restoring my account. In fact, I just provided the same information that was requested in the original email I was sent.
Being Persistent Is Your Best Bet
My advice to you is to utilize Google if you feel the normal process is not serving you well. Yes, Instagram doesn’t provide a lot of insight or help, but they do have a process. And reach out on social media! That’s what is so incredible about this online community – there are so many individuals willing to help out!
I’m so thankful for my little piece of social media. Losing an Instagram account might seem very insignificant to so many of you, but in the moment, it was incredibly devastating. Building a community takes time. It’s not just a bunch of pictures that disappeared, it’s conversations where heartfelt connections were made, uplifting interactions took place, and it’s the platform where I cheer others on and support them from afar.
So take to heart the steps above! Protect yourself and your community from account hijackers!