Widespread Instagram hack locking users out of accounts

If you spend a lot of time on Instagram, you may want to make sure your account is locked down with two-factor authentication. Mashable reports that the photo-sharing service has seen a recent uptick in occurrences of hacked accounts since the beginning of August. Interestingly, several users who have been hacked have reported similar changes to their accounts, pointing to a potentially coordinated effort.

According to the report, users share several things in common: they'll abruptly be logged out of their accounts, and their username will no longer exist once they try to log back in. In addition to the changed handle, their profile picture, along with the email and phone number associated with the account, will be changed as well. From Mashable:

On Twitter, there have been more than 100 of these types of anecdotal reports in the last 24 hours alone. According to data from analytics platform Talkwalker, there have been more than 5,000 tweets from 899 accounts mentioning Instagram hacks just in the last seven days. Many of these users have been desperately tweeting at Instagram's Twitter account for help.

Curiously, several users report having their profile pictures set to a Disney or Pixar character. Additionally, the email associated with the hacked accounts is switched to a Russian .ru email address. Personal information on the accounts is typically deleted, and the hacker or hackers don't appear to be using the accounts to make any new posts.

Best online learning tools for kids: ABCmouse, Reading IQ, & more

If you're worried about your account being hacked, your best bet is to make sure you're using a secure password and two-factor authentication. However, it's worth noting that two-factor authentication still wasn't able to keep an account safe in at least one case. From Mashable:

The extra security measure didn't protect Chris Woznicki, who was using two-factor authentication at the time his account was hacked 10 days ago. Woznicki says Instagram sent him security emails notifying him the email address on his account had been changed (once again, to a .ru address) and 2FA had been disabled. But by the time he saw the messages, it was too late and he had already lost access to his account, which had 660 followers. Others have reported similar occurrences.