Instagram removes hundreds of stolen accounts as hacks escalate

Members of the group, known as OGUsers, are receiving cease and desist letters from Instagram’s parent, Facebook. PHOTO: AFP
Updated
Feb 05, 2021, 03:17 AM
Published
Feb 05, 2021, 03:10 AM

NEW YORK (BLOOMBERG) - Instagram is disabling hundreds of accounts associated with a hacker group that used exploitative tactics to steal and resell them.

Members of the group, known as OGUsers, are receiving cease and desist letters from Instagram's parent, Facebook Inc, which is also coordinating with law enforcement.

The group was particularly focused on obtaining rare usernames with handles of fewer than five letters, such as @h4ck or @sick, that would be valuable for resale in a secondary market for Instagram accounts.

Facebook estimates that OGUsers, which has operated since 2017, is responsible for millions of dollars worth of such transactions.

The accounts can fetch thousands or tens of thousands of dollars each, Facebook said.

The announcement on Thursday (Feb 4) is the first time the company is publicising the takedown of a large number of resold and hacked Instagram accounts.

The security team is concerned that OGUsers, and other groups like it, have become more active and used increasingly threatening tactics to get what they are seeking.

By revealing the hacking process, Facebook said it hopes to make the accounts less desirable to buy.

Such accounts are commonly obtained through phishing attacks, in which hackers send emails disguised as coming from Instagram to get a password, or SIM swapping, which involves mimicking someone's phone number to override their authentication.

But more recently Facebook has observed online and offline harassment, as well as extortion using hacked nude photographs in order to obtain the valuable accounts.

Facebook has also seen Instagram users who own valuable accounts "swatted."

If a target account does not respond to other hacking efforts, the scammer calls the police and reports a bomb threat or active shooter at the account user's home, so that a Swat team arrives unexpectedly.

More On This Topic
Facebook tracks 'OceanLotus' hackers to IT firm in Vietnam
'Mercenary' hacker group runs rampant in Middle East, cyber-security research shows

Facebook employees have been victims of such attacks, and so declined to have their names associated with the OGUsers takedown.

As Instagram accounts become commercialised, those with high followings, verification badges or desirable usernames become more valuable for resale.

The practice is against Instagram's terms of service, but is difficult for the company to track.

Instagram says it attempts to restore accounts to their original owners, but has trouble verifying who an original owner is, especially since hackers often make convincing claims on accounts they don't own.

The company will prioritise protecting the most vulnerable accounts against future attacks by getting them to sign up for a new Facebook Protect program, previously only available to government officials.

The program asks users to enable tougher password security and monitors them for threats.

More On This Topic
Ethical hacker plays bad guy for clients
College pals from China became among most prolific hackers ever, US says

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top