A Facebook employee stole an Instagram user account, and the head of the company helped to get it back
The complaint was responded to on Twitter by the head of Instagram, Adam Mosseri, after which the account was returned.
An Instagram user said on Twitter that his account, protected by all possible means , was stolen. In this, according to the available data, a Facebook employee was involved, who decided to help his friend.
Danny Hall signed up for an Instagram account called @danny shortly after launching the social media. networks 10 years ago. Thus, a simple short account name obtained early on in Instagram is of high value.
With the current popularity of social On the web, an account with a nice nickname became a very desirable thing among other users, so Danny constantly received notifications of attempts to enter his account and reset his password. As a result, he decided to improve the protection of his account by inventing a complex password and connecting two-factor authentication.
However, no security measures and complex passwords will help if an existing employee of Facebook, whose company owns Instagram, participates in hacking it.
On the morning of September 27, Danny Hall, as usual, tried to log into his Instagram account, however, in response he received a message stating that the password was not suitable. His accounts had been hacked before, so he thought that the same thing happened at this time.
However, Hall subsequently discovered that his account was now private and owned by another person.
Danny asked his girlfriend to follow the new owner of the @danny account, when her application was confirmed, it turned out that all the photos of the real owner were deleted, and posts of a stranger from Los Angeles appeared in their place.
A story in which an intruder brags about his new name.
Some time after the addition, the new account owner began to actively write to her, and even tried to start a video chat. He said that he got the account with the help of a friend who works at Facebook.
"Hi, I know it was your boyfriend’s page. My friend works at Facebook and now this profile is mine. If you need anything, don’t hesitate to call. Thanks again," wrote the new owner of the page.
Then he deleted his messages, but the screen of the correspondence was saved.
Danny is confident that he did not fall for phishing and did not receive requests for confirmation of two-step verification. Instagram also didn’t send any email change notifications.
“I can’t imagine any other way to access the account. Even if you have my password, I will receive a notification about a login attempt, ” Denny said.
All attempts to contact Facebook or Instagram were ignored. He either didn’t get a response at all or just got an incomprehensible email that said, "Problem seems to be solved."
For this reason, Hall suggested that a Facebook employee who has access to the accounts may have given it to his wealthy friend.
In addition, Instagram CEO Adam Moseri responded to Hall’s Twitter thread and asked him to write to him in private messages.
As a result, the user described the whole situation in detail as a security error in the Instagram Vulnerability Reward Program, and soon the account, along with all the publications, was returned to him. But the user has not yet received any information about what happened and how the account was stolen.
Other users also began to report that they encountered similar. So, for example, the real owner of the account with the nickname @harry could not log into his profile one evening, and the account now belongs to a stranger. Twitter users with "@N" and "@jb" accounts also experienced this issue.