Instagram Hack Promotes Porn Spam And Adult Dating

Symantec warns of Instagram profile hack that uses compromised accounts to promote adult dating websites

Symantec has warned of a very nasty hack that could hit Instagram users where it hurts the most, their social networking reputation.

The security vendor said that hacked Instagram profiles are being altered with pornographic imagery promoting adult dating and porn spam.

Instagram Hack

Instagram Stories AndroidInstagram of course has been in the security spotlight and had been under pressure to ramp up its security following a number of high-profile incidents in 2015, including one where the account of pop star Taylor Swift was hijacked by hackers Lizard Squad.

In February the photo-sharing service added two-factor authentication (2FA) to its service, which meant users could choose to have two forms of identification verified before accessing their account.

It was hoped that the introduction of 2FA would cut down on unauthorised access to user accounts. That move also brought Instagram up to scratch with many other leading social media sites, which had that protection in place for some time.

But Symantec has found that Instagram still needs to work on its security, after finding earlier this year an influx of fake Instagram profiles luring users to adult dating sites. But now it seems that scammers are going one step further, and are changing user profiles with sexually suggestive imagery.

“Scammers are naturally attracted to large online communities and with 500m monthly active users, Instagram makes a prime target for maximum impact,” said Nick Shaw, EMEA Vice President and General Manager at Norton by Symantec.

“The influx of affected Instagram accounts identified by Symantec’s Response team showcases a scenario when a hack could not only compromise your account but also damage your online reputation through profile alterations,” he said.

Changed Passwords

Symantec said it had not yet identified any particular data breach that led to the hack, but suspects weak passwords and password reuse are to blame.

Courtsey of Symantec
Courtsey of Symantec

Hacked profiles exhibited a number of traits including a modified user name; a different profile image; a different profile full name; a different profile bio; changes to profile links, and new photos added.

Symantec said that the hacked Instagram profile have their passwords changed, and the hacked account instructs the user to visit the profile link, which is either a shortened URL or a direct link to the destination site.

The profile image is changed to a photograph of a woman, regardless of the gender of the actual account owner. The hackers also uploaded sexually suggestive images, but do not delete any images uploaded by the account owner.

Victims are directed to a website that has a survey “suggesting that a woman has nude photos to share and that the user will be directed to a site that offers “quick sex” rather than dating.” If the victim tried to visit those sites, they are sent to a random Facebook user’s profile.

Shaw pointed out that Symantec’s 2015 Internet Security Threat Report had identified that the UK is the second most targeted country globally for social media scams.

He recommended that Instagram users immediately turn on two-factor authentication.

Instagram was acquired by Facebook back in 2012.

Are you a security pro? Try our quiz!