Tuesday, October 6, 2020 [Tweets] [Favorites]

Stolen Instagram Account

Danny Hall (Hacker News):

TLDR: some rich kid in LA now has my Instagram account because he got his friend who works at Facebook to steal it... and nobody at Facebook or Instagram is doing anything about it

I’ve had the Instagram account @danny since it launched (10 years ago!). I guess its a pretty sought after @.

[…]

So it seems that employees with the right access at Facebook can just give your account to someone else. What’s happened to all my data? Photos, messages... 10 years of it. Does this guy in LA now have it? Has it been deleted? Will I ever get it back?

As there’s no other way to contact Facebook I’ve submitted it as a security bug in their bug bounty program but I doubt I’ll get anything other than an automated response.

WORLD_ENDS_SOON:

An interesting aspect to this story is that although there’s no real evidence that a Facebook employee was involved, it still seems like a believable explanation to many readers including many commenters here. If a company’s customer support is so bad that no one can tell the difference between being hacked and being abused by a rogue employee, does it actually matter what happened? I guess that it matters to the original poster, and I do hope that they do get their photos / account back, but in either case the message the message I’m taking away from the story same: your Facebook account could disappear tomorrow and you’d have no recourse.

After the story gained traction, he got his account back, but without any explanation. It reminds me of this story (Hacker News) of a woman losing her Kindle books:

Those friendly phone-based customer support folks couldn’t access Nygaard’s account either, and she was passed on to “account specialists” who only communicated via email. That’s when things took a Kafkaesque turn (as documented by her friend, Martin Bekkelund, on his blog). A man named Michael Murphy with Amazon UK’s “Executive Customer Relations” told Nygaard her account had been determined to be “directly related to another which has been previously closed for abuse of our policies.” Which policies? He wouldn’t say. What other account? Murphy wouldn’t share that, either.

Instead, Murphy would only pass on this shrilly authoritarian boilerplate:

Per our Conditions of Use which state in part: Amazon.co.uk and its affiliates reserve the right to refuse service, terminate accounts, remove or edit content, or cancel orders at their sole discretion.Please know that any attempt to open a new account will meet with the same action.

And, of course, the stories about Apple developer accounts. The official channels just don’t seem to work.

Tom Bridge:

Does anyone know anyone at PayPal? They’ve decided to permanently limit my account.

Previously:

Update (2020-10-16): Miguelyto:

Google disabled my husband’s account and it is giving us no reason for it. Yet it asks for an appeal in a form as the only way to restore it. Appealing a decision without knowing what you’re appealing is a recipe for success.

Update (2020-10-22): Cleroth:

After over 15 years of using #google, my account has been permanently disabled without any reason given. All my emails, contacts, photos, docs, accounts connecting with google, etc.... Everything is gone. Without warning or chance of recovery. I’m at a complete loss...

1 Comment

[…] Danny Hall’s Stolen Instagram Account […]

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment