If you get in on social media early, you can get hold of some covetable account names. When that platform makes it big, those names can wind up in demand and can lead to them being hacked and sold to other people.
It’s a big business, particularly for shorter user names, and according to security journalist Brian Krebs (opens in new tab), Instagram, TikTok, and Twitter are starting to do something about it.
- What two-factor authentication is - and how to enable it
- How to lock down your Twitter privacy settings
- Plus: Beware links to Discord's website — it could be malware
Facebook-owned Instagram recently started taking action against the community OGUsers, a website well known for facilitating the hacking and sale of stolen accounts.
According to Krebs, accounts have been stolen using a variety of tactics including intimidation and harassment, coercion, extortion, swatting, and more traditional hacking techniques like SIM swapping.
If that name sounds familiar, it’s because one member of the OGUsers community was responsible for the mass hack of verified Twitter accounts last July. That hack got so serious the company was forced to suspend tweets from verified users until everything could be solved.
Facebook has now seized hundreds of accounts linked to OGUsers members, including ones that advertise an ability to broker stolen account sales. Both TikTok and Twitter have been involved, with Twitter confirming that it had been working with Facebook to seize OGUsers-affiliated accounts.
That includes “middlemen” who act as intermediaries during transactions. After all, purchasing hacked social media accounts is a crime, and when crime is involved there’s a much higher chance that you’re going to get ripped off.
Krebs notes that these people are sought after for their proven trustworthiness, and will hold money in escrow until the buyer is happy. In exchange, they receive a percentage of the cash.
Facebook has confirmed this isn’t the first time it’s taken action against account hackers and admits that this isn’t likely to stop them. However, the goal is to make it much harder and more expensive for hackers to hijack and sell desirable accounts. Facebook is also making it easier for victims to restore any posts deleted by hackers, with a new feature called “Recently Deleted.”
You have 30 days to reclaim deleted content, provided you can prove you’re the original owner. Hackers also can’t permanently delete anything in the folder unless they can do the same.
Naturally, this news is a reminder to make sure your social media accounts are secured. Use a strong password, and activate two-factor authentication to make it that much harder for would-be hijackers. If possible use physical security keys or authentication apps, rather than SMS-based verification systems.
That way, should hackers take control of your phone number by SIM-swapping, it won't give them full access to your accounts.