During a casual lunch period in late September, I received a direct message on Instagram from my friend’s account. The conversation seemed typical, talking about how we were feeling — until he asked for my phone number to help verify his account. Without hesitation, I shared my number. I received a verification code and a link from Instagram, which I sent to his account as requested.
Upon entering Instagram again, it told me I had been logged out. It was too late: something had gone terribly wrong. My account had been hacked. I wasn’t the only one. Multiple Lab students were hacked by the same user, who demanded $50 to restore our accounts. We attempted to contact Instagram, but it didn’t seem to help.
While Instagram could do more to help users to restore accounts, responsibility lies within users to take reasonable steps to protect their accounts. It’s imperative that Instagram users stay aware of these possible phishing techniques, and they should be the ones who prevent hackers invading their privacy.
In fact, in July 2021 Instagram implemented an initiative called Security Checkup, a policy meant to guide hack users to recover their accounts by providing them step-by-step instructions on how to secure their account again. Their page also echoes standard online recommendations of two-factor authentication, keeping their email and phone number up to date, and other advice that would provide possible help for users who are not aware of these phishing methods.
Instagram also has a Universal Hack Lock program, a system that helps hacked users by confirming their accounts using verification codes with the email or phone numbers listed in their account, once again emphasizing the importance of keeping the users’ emails and phone numbers updated.
Some users worry that Instagram might share their personal information with other platforms. For such instances, Instagram’s Terms of Use state that they do not share users’ informations unless the user specifically gives Instagram permission to do so.
Instagram isn’t the only social media platform that has such policies. Facebook and X, formerly Twitter, have such services for their users as well. It seems like it’s really the user’s responsibility to take care of their own security.
Experiencing an unexpected phishing incident initially left me feeling anxious about the potential exposure of my information. Despite the fact that the hacker did not do so, I have feelings of regret ingrained in my heart. Within a few days, I created a new account and the very first thing I did was to set up a two-factor authentication, and now I stay more suspicious of any messages I receive on my Instagram account.