A Melbourne blogger has told of her distress after having her Instagram account hacked and held for ransom by American criminals.
Rozalia Russian, a fashion blogger and brand ambassador with 167,000 followers, relies on her social media presence for jobs and was distressed to discover an unknown entity had hacked her accounts and changed the passwords.
“Words cannot describe how violated and disappointed I feel to have my personal Instagram and emails hacked into and taken over,” wrote Russian in a post on her other (smaller) Instagram account for her clothing line.
The blogger told Fairfax the situation was so stressful her face broke out in a rash.
Adding to the stress were derogatory comments appearing on the page, allegedly threatening to “expose” Russian for marrying her husband Nick Russian (who owns Melbourne nightclubs) for money.
According to Russian, the hackers were able to be traced to a phone number in the US after one of them accidentally left an incriminating post on her account.
Fearing they may delete her account if she didn’t comply, Russian and another friend who had been hacked by the same group paid a ransom of $5000 to retrieve the accounts.
According to Fairfax, Russian’s friend was a travel blogger with over a million followers, but did not want to be identified.
How hacking happens
Nigel Phair, adjunct professor at the University of Canberra, cybercrime author and former head of the Australian High Tech Crime Centre, said there were a number of ways hackers can get in.
“They have password hacking tools, which basically ‘brute force’ the passwords and guess every possible combination until they get it,” he told The New Daily.
But Mr Phair thought the most probable scenario in this instance was that Russian had a weak password, or the same password for multiple platforms.
‘Reset’ protocols mean that if a hacker gains control of one account, they can use it to reset another account, and so on.
Mr Phair said we also needed to be aware of “reset prompts” which ask us to enter information such as our old school or our pet’s name to gain access.
“If you have the name of your high school on your Facebook account and it’s public, or you have pictures of you down at the park with ‘Fido’ the dog, they may be able to use that,” he warned.
How to stay safe
Mr Phair suggested securing our accounts with ‘strong’ passwords that include numerals, letters and punctuation – and to avoid repeating passwords across multiple platforms.
The cyber expert said he changed his passwords according to the seasons, giving him fresh combinations four times a year.
“Don’t divulge your passwords to anyone and beware of your reset prompts,” he said.
“I know when you’re a minor celebrity you want everyone to see your life because that’s how you make money, but for everyone else I’d advise shutting your social media accounts right down so that no information is public.”