My father-in-law Instagram account was hacked, how can we get it back?
My father-in-law have a small business of paellas which he uses to support his family. He have an instagram account called @paellasantamarta which he uses to get most of his customers.
Two days ago some criminal sent a link pretending to be Instagram official account with a phishing link. He was naive and put the account information there.
Soon after some US mobile (+1 XXX) told they hacked his account and want some ransom to return it.
He got some mails indicating that the email was changed and password. The account is now deactivate.
- We tried to undo the change but it's not possible with the instagram emails nor the past login information - We tried to recover multiple times the account via the face verification but he always get this message: "We weren't able to confirm your identity from the video you submitted. You can submit a new video and we'll review it again. Learn more."
Is there something else we can try? We thought about paying the hacker (the ransom is quite hefty for him) but no one assures that we will get the account back.
He is desperate and nervous, he barely slept in the last two days because he is going to lose his small business of paellas. We warned about the phishing attacks but he is stubborn and was convinced Instagram was going to close is account. Post to HN, which you've done, and hope real hard to get the attention of an Instagram employee. Yeah, I think this is the only one that works. Most of my friends just make new accounts. Customer service basically stonewalls you unless you can prove you exist, which is probably only done by complaining on HN or in person. Are Insta (and FB) devs not embarrassed that HN has become the customer support channel for their products? Does it not come up during standup conversations? I don't know how it would work with the account currently being hacked, but this is what the verified paid offering that is rolling out should help with. Have you reached out through that channel? Is there one? (Not a user of their products, just keep abreast of the news where it was announced.) Sorry I can't be more helpful, sounds like a really big hassle. Maybe its a good time to rebuild from a personal home server that would give you more control over it. Rebuild what…? Instagram is a hosted service. The attacker took over the account and only they know the new password. They could focus this efforts into rebuilding their brand public image from a personal web without relying too much on a third part (that could vanish, or block the access at any time). Free stuff comes with a price, and can be expensive. If this account has been hacked could be used to taint their data and destroy the brand image, or falsely claim that they are closed in Saturdays, or diverting a part of their clients to a different restaurant. All of those could be very difficult to spot before is too late so, recovering the access to the account is only the first part, and a small step, in the solution. They should watch for subtle malicious changes and double check everything written on it and every link provided in the account. While letting the deactivated account rot, hiring a local programmer to create a personal web (starting from scratch and explaining on it that you moved), and investing some money in local advertising, could provide much more bang for the buck. The clients could find the Instagram account deactivated? Provide a replacement. They will just jump to the next link with the original web in two seconds without even think twice about it. Specially when the company is very small, very local, and the place is specified in the brand name. (If your company is named something like "the best patties in NY" the risk of somebody creating a fake company in Atlanta and taking your clients away is really small).