Instagram has disabled hundreds of accounts that were stolen as part of online hacking operations aimed at gaining access and selling rare and coveted usernames, the company says The Verge. Both TikTok and Twitter have also taken action on some of the accounts belonging to the same hackers, reports journalist and cybersecurity expert Brian Krebs.
Facebook’s proprietary platform focused mainly on the community around OGUsers, a site known for trafficking stolen usernames and helping to facilitate the hacking of these accounts through methods like SIM exchange, which occurs when a user gains control of the someone’s phone number and use it to reset passwords and take control of social media identifiers. The news of the Instagram application was first reported on Thursday by Reuters.
“Today, we are removing hundreds of accounts connected to members of the OGUsers forum. They harass, extort and harm the Instagram community, and we will continue to do everything we can to make it difficult for them to profit from Instagram usernames, ”said a Facebook spokesman. The Verge. The disclosure is notable because it is the first time that the platform has publicly shared information about moderation against username hackers. Earlier this week, Instagram launched a new feature that allows people to recover deleted posts, in case a hacker takes control of your account and deletes it.
Krebs reported on Thursday that the crackdown was a kind of joint effort, with Twitter and TikTok also acting against popular members of the OGUsers community at the same time on their respective platforms (although it is unclear how much coordination there was between the three companies or how comprehensive was the application of TikTok and Twitter).
“As part of our ongoing work to find and prevent inauthentic behavior, we recently recovered several TikTok usernames that were being used for hacking accounts,” TikTok told Krebs in a statement. “We will continue to focus on staying ahead of the evolving tactics of evildoers, including cooperation with third parties and others in the industry.”
In addition to deactivating accounts that have been stolen and rendering them useless, social platforms have also deactivated some accounts of well-known OGUsers intermediaries who act as intermediaries during username transactions, keeping funds in custody in exchange for a fee reduction, reports Reuters.
OGUsers made headlines last summer when a small group of hackers affiliated with the site reportedly participated in an unprecedented hack on Twitter that involved resetting account passwords for dozens of high profile individuals and companies, including Elon Musk and Barack Obama , and using their access to run a bitcoin scheme. Like the individual at the center of the Twitter hack, Graham Ivan Clark, then 17, many of the Instagram hackers are cracking down today and those who frequent OGUsers are minors, often attracted to the community by the fascination of stealing and retaining a name. rare user.
These usernames tend to be unique words – in rare cases, individual letters or numbers – and can yield tens of thousands of dollars in clandestine markets for stolen digital goods. And because platforms like Instagram and Twitter have rules that prohibit the purchase and sale of accounts, hackers interested in acquiring one of these coveted targets often resort to illegal means to obtain them. SIM hacking is a popular method, but standard phishing, as well as ongoing online harassment, extortion and even swatting are other well-known techniques, notes Reuters.