Revealed: Instagram users are most likely to get their accounts hacked

Ruth C. | October 12, 2022

With the social media user base growing daily, social media account hacks are becoming increasingly common. However, user profiles of some social media platforms get compromised more often than others.

According to the data presented by the Atlas VPN team, Instagram users suffered the most from account takeover in 2021. In total, 84% of social media account takeover victims reported that their Instagram accounts got hijacked by scammers. 

Instagram, which has over 1.4 billion monthly active users, is the world's fourth most popular social media channel.

The data is based on the Identity Theft Resource Center (ITRC) snap survey with individuals who reported being victims of social media account takeover in 2021. The survey is featured in the 2022 Consumer Impact Report.

A quarter (25%) of social media takeover victims also reported losing their Facebook accounts to malicious actors. Twitter was reported by only 3% of social media account takeover victims, followed by WhatsApp (1%) and LinkedIn (1%). A whopping 68% of victims have not regained access to their social media accounts. 

Social media accounts are highly valuable to cybercriminals as they hold a wealth of personal information, which may include the user's full name, email address, phone number, birth date, physical address, photos, private messages, and more, and can be used to commit fraud.

A hijacked social media account can be utilized to take over even more accounts by publishing fraudulent posts, sending the victim's contact list malicious links, and asking their friends to reveal personal information or provide funds. In fact, 66% of the victims said the attackers continued to post on their profiles after hijacking the account, and 69% confirmed that the attackers reached out to their friends and contacts in order to scam them.

The malicious actors can also extort the account owner for money in exchange for getting back the stolen account. The request for money was reported by 22% of victims.

Some social media accounts, like Facebook, can be used to log into various other online accounts, such as online banking, which may hold even more sensitive information. 

Additionally, cybercriminals can sell compromised social media accounts on the dark web. According to Whizcase data, a hacked Twitter account retails for $10 on the dark web, an Instagram account costs $12, a Facebook account is priced at $14, and WhatsApp is valued at $18. Meanwhile, a LinkedIn account can be purchased for $45.  

Top ways hackers gain access to social media accounts

Malicious actors have many methods to trick victims out of their valuable information, funds, or social media accounts. 

Posing as a "friend" is an effective scam tactic, as people let their guard down when communicating with people they know. According to the survey, nearly half (49%) of social media account takeover victims clicked on a link in a direct message from a friend before losing access to their social media accounts. 

Cybercriminals also use "get-rich-quick" schemes to lure in unsuspecting victims and steal their personal data and accounts. A fifth (20%) of social media victims lost their accounts to cybercriminals by responding to cryptocurrency and other investment scams.

Moreover, over a tenth (13%) of social media takeover victims provided personal information, including 2FA codes, PINs, and one-time passwords, which led to them losing access to their social media accounts.

While the majority of victims got their social media accounts hijacked after clicking on a link sent to them by a friend, 5% of victims got themselves into the situation after clicking on a link provided by an unknown person, however, referred to them by a friend. 

Spoofed websites and special offers are another combination cybercriminals use to deceive their victims. In total, 3% of victims got their accounts seized by cybercriminals after submitting their login and password information to fake login pages. They were prompted to log in to take advantage of an offer.  

What to do if your social media account got hijacked

To protect your social media accounts from getting hacked, it is essential to create unique passwords for all your online accounts and use second-factor authentication. 

Be cautious of any messages that contain links or ask for your personal information, even if they seem to come from the person you know. You can always call that person or use other means of communication to confirm whether they really sent you that message. 

You should also be careful of any messages containing deals or investing schemes offered to you via social media.

But what if your social media account has already been hacked? 

If you can still access your account:

  • Scan your device for malware and delete any suspicious software if discovered.
  • Make sure to change your social media account password immediately before the hacker does so. If you use the same password for any other online accounts, update them as well.
  • Set up second-factor authentication to add an extra layer of security to your account.
  • Inspect your account for any strange messages or posts you did not publish and delete them to prevent cybercriminals from using your account to commit more fraud.
  • Inform your friends your account has been hijacked in case fraudsters have contacted them on your behalf.
  • Keep your software, such as your social media apps, up to date to minimize the chances of malicious actors exploiting vulnerabilities in the software in case there are any.
  • If your account contains sensitive information, be on the lookout for any signs of identity theft: check your bank statements for any unexplained charges, withdrawals, or errors on your tax return or social security statement. You can also employ tools such as Atlas VPN Data Breach Monitor, which scans publicly leaked databases for your credentials and alerts you if they have been exposed so you can act immediately.

If you no longer have access to your social media account, most of the tips above still apply. However, additionally, you should report the account takeover to the social media platform. Also, learn about pre-hijacking, highly relevant if you use single sign-on options to create accounts.

Instagram, Facebook, Twitter, and LinkedIn provide advice on what to do if your account has been hacked. If the social media platform where your account has been taken over does not offer any guidelines for such instances, contact their support.

Browse safely & anonymously with a VPN

Browse safely & anonymously with a VPN

Encrypt your internet traffic and defend against online snooping, hackers, governments, or ISPs.

© 2023 Atlas VPN. All rights reserved.