This week, after seven years of building up thousands of Instagram followers, a small company on the south coast of England found its account had been hacked.
The English Stamp Company tried to let Instagram know. But in a response that evening, the social media giant said the account had been permanently deleted.
“We’re sorry for any inconvenience this causes,” Instagram, which is owned by Facebook, said in the automated message.
“It’s gutting, the fact that it’s the last seven years of work, and it’s disappointing that Instagram appears unwilling to help,” says Bella Dorey, 27, one of three people in the firm who manage the account.
The company, which makes rubber stamps, was founded in 1992 by Bella’s father and mother, Jon and Sasha, and has seven employees.
It had built up nearly 29,000 followers on its Instagram account, and was hoping to get to 30,000 by Christmas.
It uses Instagram as its main marketing tool, and was relying on the social media platform to boost Christmas sales, especially as coronavirus has put a stop to the usual exhibitions the company uses to showcase its wares.
- Travelex strikes rescue deal but 1,300 UK jobs go
- Blackbaud Hack: Universities lose data to ransomware attack
“We are going to suffer a loss financially,” says Bella. “How do you put a value on more than 28,000 followers?”
Hack and demands
On Tuesday the company got a message from Instagram saying there had been an unusual login to its account from a computer in Huddersfield.
The BBC verified with a computer security expert that this message was genuine.
Bella and a colleague immediately tried to get in contact with Instagram but just four minutes later, they got an email from the hackers, who called themselves “Carlo Minhift”.
“Good Day! We apologize for the inconvenience. Your account has been temporarily blocked,” the email said.
The hackers said they would wait two hours, then start “clearing” the account by deleting photos if Bella and her colleagues did not respond.
The next day, the hackers revealed their intention had been to extort money from the small firm. But they were too late, Instagram had already deleted the account.
“We didn’t want to ruin your account, but you don’t respond to us. We realized that you will not pay us. No, not really. We apologize for not being convenient, but we unfortunately start clearing the account after 30 minutes and sell it. See you later,” the hackers said.
Attacks on Instagram users, while rarer than other forms of cyber attack, are becoming increasingly common as a growing number of influencers and companies market themselves on the platform, according to Professor Alan Woodward, a cyber security expert at the University of Surrey.
He said the decision of the English Stamp Company not to engage with the hackers was “brave” but he said it was the right one.
“You shouldn’t pay the ransom,” he said. “There’s no guarantee you’ll get the account back, the money will be used to fund further crime, and you’ll just paint a big target on your back as a ‘payer’.”
Quite a lot of attacks of this nature rely on so-called phishing emails which try to trick users into revealing sensitive information, like usernames and passwords, by posing as a reputable website.
“Credential stuffing” is another ploy used by hackers who use personal data, harvested elsewhere, to gain unauthorised access to accounts
The best way to deal with an Instagram attack is to try to pre-empt it by beefing up your security beforehand, Professor Woodward said. Make sure passwords are strong, and don’t reuse them across sites, he added.
Instagram offers two-factor authentication by sending a code to your phone. People can check whether their usernames or passwords have been breached through a website called haveibeenpwned.com, which is run by Troy Hunt, a Microsoft security expert.
Facebook says Instagram is working with The English Stamp Company to try to recover their account as soon as possible. “Businesses are an important part of our community and we take their safety and security seriously,” the company said.
“We notify people if we see any unauthorised changes to an account and in the few instances hacking occurs, people can recover accounts through the app and website.”
Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: