My Instagram was Hacked.
I’ve had a month away from blogging for various reasons (tl;dr: i’ve been really busy), and this was not the blog post I’d had planned for my return. I’ve got a blog post all written up and ready about what I’ve been up to this month and my new hair thanks to Rush Hair Enfield, but that’ll have to wait until tomorrow, because this is pretty damn important.
My Instagram was hacked. I don’t know how, whether it was an individual who figured out my password (unlikely, but scary if true), or whether it was an app I’d used, or even worse, they got access to my email and thus my Instagram (and potentially other social media, including my personal Facebook). I’m still trying to figure out how long this has been going on, but it can’t have been longer than a week or maybe two, and whoever/whatever app has been monitoring it is smart enough to not follow loads of people to the extent that I would notice immediately (or get banned from Instagram), but rather focusing on liking photos of accounts that I can only assume have paid for likes, considering they’re a random spread from different countries and not from specific hashtags or anything relevant to the blogging world, like many bots that bloggers have been caught out for using.
How did I notice that my account was hacked?
- I’ve barely been active on Instagram at all this past month, due to starting a new job, having a dissertation due, and exams to revise for, but whenever I had posted a picture, my likes were at an all-time low. I don’t mean just slightly lower than usual, I mean I usually get on average 100+ likes per photo, and I was getting about 30. After chatting with other bloggers, I thought that maybe this was due to the algorithm, the time of day I was posting etc. until a big revelation occurred…
- I was SHADOW BANNED. Why? What had I done to be punished by Instagram? Shadow banning means that all of my photos were visible to those who already followed me, and everything appeared normal to me, but when I logged out of my account, my photos weren’t visible in any hashtags, therefore no new people were finding my account, and my followers/likes were stagnant. It’s Instagram’s way of silently punishing those who spam, which of course I wasn’t doing. I was also in a comment pod of about 7 other UK lifestyle bloggers, several of which I’d consider actual friends, but at the end of the day, comments from the same people on every single photo isn’t really genuine engagement (read Tara’s blog post for more info), so I stopped using the comment pod chat, thinking this was a cause. Feeling disheartened, as I don’t use any more hashtags than the average blogger (#thegirlgang #lbloggers etc.), and so many bloggers use comment pods, I took some time away from Instagram and stopped using hashtags completely whenever I posted a photo. After about a week everything was back to normal, so I figured that was why I’d had issues. NOPE.
- Last night I had a scroll through Instagram for the first time in ages, and noticed some accounts in my feed that seemed a bit odd. I then checked my ‘following’ list on my profile, and realised that something was up. I was following around 30 (I’m soooo glad it wasn’t hundreds, that would have taken forever to sort out), accounts that typically wouldn’t interest me, e.g. ‘luxury’ lifestyle people posting pictures of fancy cars, bundles of money (how tasteless), and text in languages I don’t understand, mostly Arabic, Japanese and Korean. I quickly unfollowed these accounts, and started panicking as I realised a person or an app/bot had access to my account.
- It wasn’t the typical ‘bot’ usage. When bloggers use bots, they use them to grow their accounts, by liking and following-unfollowing similar accounts to their own, or focusing on a specific hashtag. Following around 30 accounts (all of which had thousands, or hundreds of thousands of followers), of course wouldn’t benefit my Instagram growth in any way, so I’m assuming that the people my account was following had bought followers, not necessarily all of them, but a fair amount.
- I checked the photos that my account had liked. You can do this through the settings on your Instagram app. Jesus Christ, this was when I truly panicked. I’m hoping my friends and family didn’t notice that my account was liking photos of cash, nearly-naked girls, and middle aged men on boats!! I spent about 20 minutes scrolling through unliking photos from just last night, until Instagram temporarily banned me for unliking too many photos, ironic huh? I guess I’ll have to slowly go through them, or maybe just unlike the worst ones, but wow, there’s a lot, as you can see from the screenshots below. I’ll have to keep checking to make sure this isn’t still happening.
Examples of what my account had liked and followed:
I have no idea who this “Jake Boys” chap is, but whoever he is, he definitely either buys followers and/or likes, or uses a bot or third party app, because my account had liked a bunch of his stuff and I’ve never even heard of him. ???? It might even be his management team if he has one!
I noticed that all of these people that I’ve liked and followed are either brands, or people who class themselves as ‘public figures’ and/or models, with thousands of followers and likes (in some cases even a million followers!), but it’s all so fake. I was glad to see that none of them were bloggers though. Funnily enough, this has actually made me more proud of the growth I’ve achieved authentically with my Instagram! Over 1000 followers for a girl in London from a tiny village is pretty awesome!
What did I do to resolve it and how you can protect your account
- The first thing I did was reset my password. It was a secure password anyway, with numbers and capital letters etc, but I had to make sure I was safe. Instagram also recommended changing my email password, because that may have been the way access was gained. I change my Facebook password regularly anyway, and Twitter is completely unconnected so I’m sure everything else is okay.
- Revoke third party app access. I previously used Crowdfire, before they removed the Instagram features, then I used Iconosquare for a while, but as of now, I haven’t been using any apps for Instagram. Recently a blogger recommended Followers+ so I downloaded it and connected my account, but it’s nowhere near as good as Socialblade or Instagram’s Business Analytics, (and it wouldn’t even load my engagement), so I deleted it. You can check the third-party apps connected to your Instagram account here, and when I looked at mine, Followers+ still had access, because silly me hadn’t actually revoked it or logged out properly, I’d just deleted the app. Don’t make my mistake! Do not trust random Google Play Store or iOS App Store apps for Instagram, even if your friends recommend them.
- Use two-factor authentication. This means that whenever you log into your Instagram account on a new device/computer, Instagram will text you a code to input, making sure that it is you trying to log in. There’s really no excuse to not have this unless you don’t have a phone (or signal, we still don’t get it properly at my parent’s house in Devon!), especially with all the weird stuff happening with fake Instagram accounts and bots at the moment.
- Check the photos that your account has liked. This may be the only way that you’ll notice if something weird is happening to your account! Hopefully mine is alright now, but I’ll be checking it.
Please make sure your accounts are secure, don’t use any dodgy apps for Instagram, even those ones with lots of great reviews (they could always be fake/paid for reviews, and you’re giving away third-party access to your account). If you’re keen for analytics, use Instagram Business (I enjoyed that for a while, before deciding that I didn’t want to be linked to my Facebook), or Socialblade. The only advice Instagram gives for this situation is to reset your password, use two-factor authentication and revoke third party app access; there’s no way to properly report it currently, so I’m hoping that this will be enough to sort it out! I don’t want to lose my account, I’ve worked so hard to get over 1000 followers, and I love preserving memories through photos.
I can only be thankful that no one accused me of using a bot during that week of ‘blogger instagram drama’, because I haven’t, and I’m also grateful that I figured this out before my account had been permanently banned/deleted from Instagram. Now that Facebook own Instagram, I’m hoping for some upgrades in the security settings, because I know that if something like this happened on Facebook, I’d have emails saying where/what time anyone had tried to access my account immediately, none of this sly ‘shadow banning’ nonsense. I still don’t know why or how this happened, but hopefully if this happens to any of you, taking the procedures I did will resolve it.
It sucks that this had to be my first blog post in over a month, but we’ll be back to normal around here tomorrow!