Sarah Phillips woke up Saturday morning to find her Instagram account hacked.
For many Instagram users, being hacked creates a mixture of annoyance with mild outrage. For Phillips, it was more dire: her
livelihood relies on advertisers who promote their wares through her Instagram account, which is called, simply, “Food.”
Now, after five days of nonstop calling and researching, Phillips finally has control of her digital accounts again. She has yet to hear a peep from Instagram.
We also reached out to Instagram for comment on this story but have not heard back. We’ll update this post if we do.
First hope: Try to fix it fast
Phillips runs the website Craftybaking.com. Her account, Food, has more than 379,000 followers, and provides Instagram users with regularly updated beautifully framed pictures of — you guessed it — food. She was one of the first people to latch onto Instagram, and has used it to build her business ever since.
Now, companies like Kraft, Unilever, and Starbucks have multi-thousand dollar deals with the woman to work with her concise and catchy Instgram handle.
When Phillips learned her Instagram account was hacked, she rightfully flipped into panic mode. She had completely lost ability to log into her account. The hackers, it seemed, took ahold of the account sometime Friday night. They then changed the name of the person associated with it — from Sarah to other names like Eric. The account thieves even even posted pictures.
While food pictures were posted by the hackers, there were offensive ones too. A swastika was said to have been posted on the hijacked Food handle, but it was swiftly taken down by Instagram moderators.
Once she realised what had happened, Phillips went online and filled out Instagram’s forms reporting an account hacked. “I filled out every form,” she told Business Insider. And then she waited.
She waited, in fact, for five days. All this time she heard nothing from Instagram.
How the hack went down…
In the interim she thinks she figured out what happened. “They hacked into my web server,” she explained.
She thinks the hackers called the company that controls her web server and posed as her. The company asked a few run-of-the-mill security questions. The hackers were able to answer them correctly, thus giving them complete control over her private web server, she speculates.
“Those are asinine questions,” she proclaimed. Companies, Phillips reasoned, should use personal queries that are “not related to anything on the internet.” Questions like someone’s dog’s name is or the last four digits of a credit card are all somewhat easy to find. Security questions should be something only the user knows — not an easily searchable number, believes Phillips.
Once the hackers were able to answer one question correctly, they got full control of her account, she believes. They redirected her email so that all messages were sent to another hacker-controlled burner account. Once they had control over her email address, they were able to tell Instagram they “forgot” the password and reset the account.
Phillips added that she’s received notifications of password resets more than a dozen times, suggesting this wasn’t the first time attackers had targeted her account. This time, she thinks, they finally succeeded.
Instagram/Screenshot via Sarah Phillips
A screenshot of the hacked Food account
Finally regaining control
Finally, after five days, she regained control of her account.
Phillips believes this is because she knows people who have “connections to Instagram,” and they were able to call in a few favours.
All the same, she tells Business Insider, she was never contacted by Instagram support, nor did they ever follow up about any of this during the five days this all happened. She simply kept filling out forms and hoping that her account would re-materialise.
Now Phillips’ Food account appears to finally be up and running. She has changed her web server as well as all of her passwords.
But for Phillips, this raises real red flags about the company. She and other new media entrepreneurs turn to social platforms to build their following and forge content deals. Thus Instagram’s radio silence is unsettling.