Tuesday, October 6, 2020

Stolen Instagram Account

Danny Hall (Hacker News):

TLDR: some rich kid in LA now has my Instagram account because he got his friend who works at Facebook to steal it... and nobody at Facebook or Instagram is doing anything about it

I’ve had the Instagram account @danny since it launched (10 years ago!). I guess it’s a pretty sought after @.


So it seems that employees with the right access at Facebook can just give your account to someone else. What’s happened to all my data? Photos, messages... 10 years of it. Does this guy in LA now have it? Has it been deleted? Will I ever get it back?

As there’s no other way to contact Facebook I’ve submitted it as a security bug in their bug bounty program but I doubt I’ll get anything other than an automated response.


An interesting aspect to this story is that although there’s no real evidence that a Facebook employee was involved, it still seems like a believable explanation to many readers including many commenters here. If a company’s customer support is so bad that no one can tell the difference between being hacked and being abused by a rogue employee, does it actually matter what happened? I guess that it matters to the original poster, and I do hope that they do get their photos / account back, but in either case the message I’m taking away from the story is the same: your Facebook account could disappear tomorrow and you’d have no recourse.

After the story gained traction, he got his account back, but without any explanation. It reminds me of this story (Hacker News) of a woman losing her Kindle books:

Those friendly phone-based customer support folks couldn’t access Nygaard’s account either, and she was passed on to “account specialists” who only communicated via email. That’s when things took a Kafkaesque turn (as documented by her friend, Martin Bekkelund, on his blog). A man named Michael Murphy with Amazon UK’s “Executive Customer Relations” told Nygaard her account had been determined to be “directly related to another which has been previously closed for abuse of our policies.” Which policies? He wouldn’t say. What other account? Murphy wouldn’t share that, either.

Instead, Murphy would only pass on this shrilly authoritarian boilerplate:

Per our Conditions of Use which state in part: Amazon.co.uk and its affiliates reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders at their sole discretion. Please know that any attempt to open a new account will meet with the same action.

And, of course, the stories about Apple developer accounts. The official channels just don’t seem to work.

Tom Bridge:

Does anyone know anyone at PayPal? They’ve decided to permanently limit my account.


Update (2020-10-16): Miguelyto:

Google disabled my husband’s account and it is giving us no reason for it. Yet it asks for an appeal in a form as the only way to restore it. Appealing a decision without knowing what you’re appealing is a recipe for success.

Update (2020-10-22): Cleroth:

After over 15 years of using #google, my account has been permanently disabled without any reason given. All my emails, contacts, photos, docs, accounts connecting with google, etc.... Everything is gone. Without warning or chance of recovery. I’m at a complete loss...

Update (2020-11-07): Chris Stokel-Walker (via David Heinemeier Hansson):

Cleroth is one of a number of people who have seen their accounts suspended in the last few days and weeks. In response to a tweet explaining his fear at being locked out of his Google account after 15 years of use, others have posted about the impact of being barred from the company that runs most of the services we use in our day-to-day lives.

Update (2021-01-06): Gilbert Tang:

I recently bought 4 SSDs from Amazon. When the package arrived, 3 were missing. I contacted Amazon and they said I needed to call UPS. UPS said the opposite. After tons dealing with CS to no avail, I finally canceled the $1200+ on my card. Then Amazon locked 20+ year old account.

The result of this is now I’m locked out of 320+ audiobooks, 300+ Kindle books, and all the AutoRip music from vinyl record purchases. Speaking of records, on well over a dozen occasions I received them just floating in a big box. They were almost always damaged and sent back.

Update (2021-01-12): Ron Paul (via Hacker News):

With no explanation other than “repeatedly going against our community standards,” @Facebook has blocked me from managing my page. Never have we received notice of violating community standards in the past and nowhere is the offending post identified.

The only thing we posted to Facebook today was my weekly “Texas Straight Talk” column, which I have published every week since 1976.
