image

CNBC

Instagram accounts hacked, loaded with porn to lure users to dating sites

Hacked accounts had biographies and names changed, with new photos uploaded

PUBLISHED : Thursday, 11 August, 2016, 8:59pm
UPDATED : Friday, 12 August, 2016, 11:17am

Hackers are infiltrating Instagram accounts and altering profiles to contain pornographic imagery that links to adult websites, security firm Symantec has found.

Researchers found that the hacked Instagram accounts had sexual images, different profile biography, image and name, and new photos uploaded. Photos tell people to visit the link in a person's profile which is a shortened URL to a website.

The attackers change the Instagram account's passwords. Symantec notes that accounts remain in the same state even after months, indicating that owners may have created new accounts since.

Links in the profile link to a site controlled by the scammer. This site contains a survey suggesting that a woman has nude photos to share and the user will be directed to a website that offers "quick sex" rather than dating, Symantec said.

The page only appears on mobile browser. On desktop, a user is directed to a random Facebook user profile.

Once a user completes the survey, they are sent to an adult dating website and asked to sign up. Scammers are rewarded with a fee for each person that signs up.

Social media sites from Instagram to Twitter have been plagued with fake accounts. All have reporting mechanisms to take them down.

Symantec said it does not know how the accounts were compromised but that it is likely due to weak passwords and the use of one password across many sites. The security firm pointed to a hack earlier this year which saw over 600 million passwords stolen and sold online. If hackers took some of those usernames and password and tried them on Instagram, they may have been able to access an account.