How does my Instagram keep getting compromised?

Your situation is apparently common nowadays with OG usernames and can get very dangerous. I had no idea this was a thing until I listened to an episode on Darknet Diaries [0] recently.

In the old days, I remember people going after short domains in the same manner. ICANN ended up adding locking (auth codes) - perhaps IG and other social sites can learn from it.

Be safe!

[0]https://darknetdiaries.com/episode/106/

I'd auction and sell it and be done with the headache personally. It's likely one day your meta well will dry up and that will be it, years of back and forth to see the handle gone and promoting crypto eventually or some crap.

Have you tried reporting this to Meta’s security team and copying your state’s attorney general? Sounds like the CFAA would apply. You may not win, but making noise may help, and if it’s an insider they might be fired if Meta knows the legal apparatus is notified.

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

My account seems to have gotten hijacked too. Someone has (apparently) posted something that's against community standards in my profile, as a consequence of which FB has disabled my account and says if I don't appeal in 30 days, the account will be disabled.

The strange thing is when I try to appeal I get this page.

"Security check To confirm your identity, we will text a confirmation code to your phone."

I select my phone number, and receive the right SMS, but it says

"Error Sending SMS Could not send confirmation SMS. Please check the phone number and try again."

So I cannot actually enter the code.

I also have 2FA enabled and this doesn't seem to have been breached.

On deviced that are still logged in I see them telling me I have posted something that is in typical photos grid format, but they don't show me what the photos were. When I press the button to request review, it does nothing.

<https://savolai.net/uncategorized-en/banned-from-facebook-an...>

I would look at your email forwarding filters. It's common to see compromises with this pattern where the email for your account was compromised and all the email is being forwarded to an attacker.

Meta just seems to be superhackable with the company not giving a shit these days.

There was another user here the other day who had their heavymetal community page hacked, and facebook's advice page was to "politely ask the new owner to let them back in" [1].

Absolutely ridiculous.

[1] https://news.ycombinator.com/item?id=29706571

If you are using the nickname china and have registered it a lot of places, even if you are completely non political and in no way associated with the country China, I can imagine the existence of these accounts outside of the governments control is a risk the government will be willing to spend millions trying to get rid of. I'm not sure you can fight that, at least not by yourself.

> My current theory is there is some employee at Meta that's ultimately stealing the account

This happens all the time, there is no recourse. Instagram employees are constantly taking usernames for themselves.

If your IG handle is the same as your HN handle, could it be some very motivated people from that country's bureaucracy looking to take that handle for the state?

> My current theory is there is some employee at Meta that's ultimately stealing the account.

This was my first thought given the e-mail address change. Someone e.g. bribing a support person.

My (uninformed) guess would be that given that you got the account back, this probably got escalated, someone looked at it, fixed it, and hopefully got the criminal support person's access disabled, until the next one gets bribed...

>China

You will be forever fucked, as big as Meta/Facebook/Instagram's exploit attack surface is. Microsoft/Office/Xbox is in a similar position as well.

early lucky adopters not employees will always have their accounts poached constantly on every common platform. eventually those who have the names paid for the 'rights,' or defend it communally.

yes, communally - it is a literal racket of cybergangters on every platform leveraging anything from social engineering your doxxed naive grandma into reading a private key to 0-daying your teamviewer to install a common keylogger.

bribing csr's is extremely common, as is sim-swapping (bribing att/verizon csr's), and there are a myriad of attack vectors in between

but of course 94% are just script kiddies using a "turbo"/api-spammer to take the username between other 3rd party transactions. it's a parasitic economy of bottom-feeders and iGangsters.

You should tie your IG account to a Google Voice number instead of a your cell that way it cant be SIM swapped.

My insta account keeps getting reset password requests every week for years. I’ve had multiple people ask to buy it, then threaten to sue, etc

I’ve tried to contact meta/Instagram about 50 times and not once has anyone emailed me back

How is it this hard to get support? It’s a personal account and I still have it so I don’t really care that much but there must be a way to get a hold of someone isn’t there!?

This happened to me several years ago. My account got locked out and I had no way to contact a human to get it back.

https://www.nytimes.com/2021/12/13/technology/instagram-hand...

Her Instagram Handle Was ‘Metaverse.’ Last Month, It Vanished.

Ok, so I had a similar situation. What it was is that I signed up for insta pre Facebook merger. Then I connected my Facebook account to insta. So my old username password combo were compromised because I re used them when I was a moron when I was younger. So someone gained access via the original Instagram password and username, changes my email. Then I would login via Facebook and have access at the same time. The different geo locations and unusual activity caused my account to be locked periodically. When they unlocked it I logged in quick, changed the email address and password on the account on the Instagram side and enabled 2 factor and haven't had an issue since.

What devices are you using the account on? If it's on a desktop browser, my assumption would be that you've got malware. That allows them to trivially steal the session cookies, steal the passwords the next time you log in, steal any device identification cookies that are used to control not using 2FA on logins from trusted devices / sending new device notifcations, and also hijack your recovery and notification email address.

If you're only using this via the app from a mobile device, then malware is an unlikely explanation though.

(Why are you regularly changing the password anyway? What's the threat model you're trying to guard against?)

instagramz.com is a legit domain owned by Facebook

Instagram is severly broken. I have never had an account on there and it has repeatedly happened that I was logged into some random stranger's account as I clicked on some Instagram weblink. I could read all their private conversations, message people in their name, mess with their settings. Their security is so badly broken, I wonder if they can be held criminally liable for it.

I had a two letter name which got hacked. I called in a favor from a friend of a friend at instagram/FB and got it back.. then it happened again and I didn't want to ask the favor again. IIRC they did not yet have 2FA even though I asked for it ( I was assuming it would happen again and it did. )

On top of all security measures, Meta, Google and other big tech that offer Auth-as-a-service need to offer paid service to reclaim an account. I am sure people would be happy to pay to talk to a real human and take back their account.

>@instagramz.com

ha....someone stole this domain or hijacked/spoofed an email chain in the password reset api. you should be honored.

>Last updated from Registry RDAP DB: 2021-12-28 06:35:41 UTC

it of course still resolves to instagram.

Plot twist, you are the hacker

Someone at Facebook stealing your domain is quite an accusation. Assuming your domain was similar to your username/IG handle, wouldn't it be more likely to be people wanting your "china" domain for spam/malware/propaganda/etc?