Instagram hack sees accounts replaced with film stills

  • Published
Various movie stills have replaced the hacked account profile photographs
Image caption,

Various film stills have replaced the hacked account profile photos (Despicable Me 3, Anger Management, Pirates of the Caribbean, Dumber and Dumber To, Wreck-It Ralph, Shrek 2)

A number of Instagram users have taken to social media to report a mysterious hack in which their profile photos are replaced by random stills from films.

Their account names have also been changed and they are unable to log in.

Their registered email addresses have also been altered to accounts originating from the Russian email provider mail.ru.

Instagram said it tries to provide a safe and secure experience for its community.

"When we become aware of an account that has been compromised, we shut off access to the account and the people who've been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts," said a spokeswoman.

Instagram has security tips, external and advice about hacked accounts, external on its website.

It has also published a blog saying it continues to investigate the issue, external.

The hackers have so far made no demands and the affected accounts appear otherwise untouched.

There are tweets describing the hack dating back to July.

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Oz Banks🎙️

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Oz Banks🎙️
This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post 2 by Shaun Shulba

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post 2 by Shaun Shulba
This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post 3 by Ale Scarpa

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post 3 by Ale Scarpa

Mashable reports, external that there have been 899 Twitter accounts reporting the same experience in the past seven days.

There are suggestions that the attack is originating from Russia, because of the mail.ru email address but it is easy to register for an account with the service in many countries - the .ru suffix remains regardless of the geographical location of the owner.

Some reports suggest that at least one of the hacked accounts may have had the extra security measure two-factor authentication (2FA) enabled, although this is currently unconfirmed.

With 2FA a code is texted to the account holder's phone before they can complete the log-in process.

It is an opt-in service.

Security experts advise that 2FA should be activated wherever possible.