It’s been 10 days since Russian hackers hijacked a Valley woman’s Instagram account, which she set up for her daughter to post dancing pictures. And she still cannot regain access to the account, or get Instagram to shut it down.
“I just keep waiting for the other shoe to drop. What are they going to do with the account?” said “Kristie,” whose last name CBS 5 Investigates agreed to withhold because of concerns that hackers will target her again.
Kristie says she set up the account for her 12-year-old daughter Sara, who is a competitive dancer.
“She travels all over the country,” said Kristie.
Sara uses the account to network with other young dancers and as a promotion tool.
Kristie says she created the account using her own email and Facebook page, and only allows Sara access to it by using Kristi’s phone. She thought she had all of the “safety bases” covered.
But last Monday, she got an email alert that someone had changed the password to the Instagram account.
“It was routing through an email, an ‘.ru’ email account, which I looked up and it looked like it was in Russia,” said Kristie.
Soon, her daughter’s profile name and the writing on the page were changed to Russian.
Experts say Russian organized crime groups are switching their focus from email to social media when they target their victims.
“They’ve shifted their techniques to try to take over social media accounts, where your guard isn’t as high as maybe it is with email,” said Ken Colburn from Data Doctors.
Colburn says the goal is often for the hackers to impersonate someone you know, so they can get you to click on a link or access a malicious website.
Kristie says she tried to contact Instagram through the company’s hacking portal, but the links led to a dead end.
CBS 5 Investigates reached out to Instagram as well. A company official sent us a series of links and instructions for Kristie to follow, but they also appear to lead to a dead end.
“Honestly, I just want the account deleted,” said Kristie.
Colburn says social media users can avoid similar problems by using two-factor authentication. It requires the web company to send a text or code to your cell phone any time someone tries to change your password. Some companies use two-factor authentication any time customers log on.
“So someone in Russia, they have your name and password, but they don’t have your phone, so they can’t get in,” said Colburn.