My brother’s Instagram account was hacked…

My brother isn’t exactly the most technically minded of individuals. Despite my best attempts, he refuses to learn anything about technology. Whilst he does have an iPhone, he only really uses it for texts, photos, phone calls and Instagram.

He doesn’t have a Facebook profile because he “doesn’t like Facebook”. (He doesn’t realise that Facebook’s parent company Meta owns WhatsApp and Instagram).

A few weeks ago, he calls me in an angry fluster because his Instagram account has been hacked. The ‘hackers’ have started sending spammy messages asking for money, as well as posting messages relating to very obvious scams.

Apparently, he was getting inundated with phone calls and messages asking if it was him sending those messages.

Some of those calls and messages were from his customers. My brother is a professional carpet and floor layer in Kent.

The ‘hackers’ had got into his account and changed his password. They also changed the registered email address for his account so that he couldn’t reset his password either.

He was asking me if I could do anything to get his account back. But there was nothing I could do.

All he could do was try to report the issue to Instagram.

 

It was all down to a cr*p password.

He has an incredibly weak password.

And he uses exactly the same password for other websites.

His password was likely very easy to guess. Or it was shared on the dark web from a leaked database.

I strongly suspect it was the latter.

When big systems are hacked, hackers will share email addresses and passwords on sites on the dark web. Sometimes that data is being sold by criminal hackers.

Other hackers then take the email addresses and passwords from those databases and systematically try them on common websites where you’re likely to be using the same login credentials. (This is known as credential stuffing.)

Yep. Scary stuff.

And stupidly easy to do.

One of your passwords is probably out there…

You can check to see if your password has been exposed in a breach of another system by using this tool.

https://haveibeenpwned.com/

It searches the breach databases it has collected to see if your email (and password) has been shared in any previous hacks.

I’ll warn you now, there’s a high chance you’ll find your email address on that database.

What’s the fix?

Well if you use a different, random and secure password for every website that you use, you’re going to be fine.

If you use the same password for everything, you’re extremely likely to have a problem.

Remembering random passwords is obviously difficult for us humans.

Harrison1981 – is not a secure password, but obviously easy to remember.

^.z#TYqC2CL)’f;[_79> – is a random password, but difficult to remember! Especially when you have a different password per website.

 

I use and recommend this software tool:

From £3.40 per user per month when billed annually
An easy-to-use password storage tool. It offers features for small businesses to manage users and access, and monitors the dark web for credentials of yours that might have been compromised.
Pros
  • Store and encrypt unlimited passwords
  • Automatically save and autofill passwords into the application
  • Brilliant built-in random password generator
  • Monitor the dark web to let you know if any of your old credentials have been compromised (i.e. hacked)
Cons
  • Autofill can be a bit fiddly to set up in the mobile applications
  • It might take less-technical users a few goes to get the hang of it.

 

What I like about LastPass:

  • It costs around £3 / $4 a month – so it’s very affordable
  • It can generate a random password for you
  • If you have 2 or more devices, you can access those passwords between devices
  • If you use your browser to store passwords currently, you can move them into this app
  • It will automatically get your login details when you access a website you want to log into
  • They can monitor your email addresses for breaches on the dark web (all included in the price)

 

A really useful feature:

You can share your passwords with someone else with an account (even a free one) and they can log into a system with your details, without seeing your password. (Ideal for staff and assistants).

Oh, and the big one… They encrypt your passwords on their system, so that only you, with a password, can access your passwords.

(If you’re very technical, then there are other tools you might prefer.)

I’ve used LastPass for several years. I use it on my main computer, my iPad and my phone. It’s one account that works across all devices.

Ideal for work and personal stuff, you can have one account to manage both.

If you know you’re using the same password on several devices, you really need to fix that. You are going to have a problem at some point if you don’t sort it now.

My brother did finally get access to his Instagram account, but it took a few weeks.
