Hello my readers. A very fantastic day to you all. Today, I am here to tell you about my personal story. Well, not a boring one but something you should be aware of and you should learn and never repeat the mistake which I did.
On 23rd May 2023, around 2.30pm – 3pm IST, my Instagram account got hacked. And I am solely responsible for this hacking. You all know that I was an ex-website programmer. In the year 2008 – 2015, I was into Facebook and Twitter coding for fetching data and analysis. Looking at these websites, I always had the curiosity to know how these website loads huge data including no. of counts, few comments, photo, name, followers count, following count, post count, etc, etc in one go and in microseconds time and without page refresh, how notification works etc. Apart from this, I always wonder how privacy / security works. So, I did this. Back then, I created around 4 accounts on Facebook, opened different browsers, and started checking from how friend requests works, what’s the difference between friends-of-friends, once a photo is uploaded then a third person will be able to stalk this or not , etc. I juggled a lot between the browsers and I found that many privacy settings were not up-to-the mark. Yes, the privacy of Facebook was not at all secure (in and around the year 2008-2015).
Months and years passed, I made many Facebook apps and finally I became pro in Facebook. I was even awarded by one of my companies for pulling out all the content of a Facebook page, posting content / photo / video on a friend’s wall through an app. So, I was well aware that I can do anything on a friend’s timeline without their permission. Though that time, all data was provided by Facebook, still one kind of security breach. So I was fully aware that I have to use social media very carefully. I should not miss any notification from them. And have to check privacy settings very often.
When I started my career, one of my renown websites was hacked. I had my learning and from that day, I started writing code and queries very carefully. And I never took these hackers lightly. I always wrote code thinking hacker in my mind.
Now, I have been a housewife for the past 8 years. So this coding and hacking has taken a completely new face. And in these 8 years, I became addicted to social media. Yes, I upload my personal photos / videos on Instagram, Facebook, Whatsapp status but I always took care of my privacy settings. I have very few followers because I want only a few people to see those photos / videos. Not only that, over time when the privacy settings changed on Facebook, Instagram and Whatsapp, I activated that. Means, few people from my followers were not allowed to see the stories I shared, were not permitted to see my Whatsapp profile pic and Whatsapp status, etc. Not only that, If I have saved someone’s else number like delivery man, laundry man, etc and if they are on whatsapp, then I block them.
So this is me. Addicted to Social media but with hell lots of privacy settings on and always guided and encouraged other people to take complete usage of these settings. And on 23rd May, 2023 everything changed.
Few days before 23rd May, On Instagram, I got a friend request from one of my friends. I know her personally and her work, so I accepted it. After accepting, she messaged me on Instagram messenger that she is running one modelling contest and she needs my “Vote”. My friend, who is a life coach, has complete knowledge on fashion, social worker, and always helping nature n hence I didn’t get a second doubt on her. I replied, “Ok, but how and where to vote”. Many days passed and there was no response from her and I even forgot about it.
So on 23rd May, this was our conversation.
She: Hey for voting, I want you to add this Email ID for 3 minutes and later you can change it again (gave one email id, I don’t remember it now)
Me: Ok, But where should I add it?
She: You have to go to your profile, edit your personal settings, click on “Add email ID” (sends few screenshots)
Me : Ok
* Me went back to profile, edit the personal settings*
She: Add this Email ID (Sends me Email ID)
Me: * Me left that editing, went back to messenger, to copy that Email ID. Come back to personal settings. Here, I was surprised to see the new settings of adding / changing the Email ID. So I added her Email ID. Instagram then asks me for secret code (OTP) which was sent in the other email ID*
She: *Gives me the secret code in Instagram messenger*
Me: *Leaves the editing part. clicks on several back, to go to messenger just to copy that secret code. Went back to edit my profile but since previously I had clicked on “back” hence all the work was undone. So I did all the procedures again. Here I was a little frustrated because of back and forth. Since the procedure was done again. I needed that OTP again. But this time OTP was of 4-5 digits only and hence I was able to remember it and directly typed it. In this frustration, I was about to click back just to tell her that don’t message me on Instagram. Whatsapp me instead. And in the meantime.*
She: Send me your whatsapp number
… and this sentence killed me …
She is my friend and she HAS my number. My hands and legs were numb. and then I shouted. “SHIT. This is not my friend. My instagram is hacked”. I called that friend, and she told me that her own instagram account has been hacked. Her account has been cloned too.
The last step, instagram asked me was, “This is me / This is not me”. I swear guys, I clicked on “This is not me”. but it didn’t work and I got logout from my account. I immediately ran, took out my laptop. Firstly, I changed the password of my other accounts. and then I came back to change the password of my personal account. But my email ID was changed to the email ID which was given by them. All the password reset link and other links were going to the hacker’s email ID.
I reported to instagram about his hacking. Even wrote an email to them. Even send messages on twitter and Linkedin. But seriously, no response / no automated email from them. Then this thing happened on Linkedin.
Since I had posted on Linkedin about my hacking, I got comments from a few unknown people saying that the instagram help center is the worst and they never care about such issues. They then gave me some email ids and also their instagram account and told me to contact them. Now since I was not at peace, I contacted one on instagram from my other account. We had a few chats and then I was like; “Wait, now don’t believe anyone.” I then went to linkedin and saw the people’s account who commented on my post. To my surprise they had 0 connections. I was like, how come they don’t have any connections on linkedin. I saw their profiles in detail, to which I saw that they have commented the same thing to almost everyone whose instagram account was hacked. I immediately stopped the chat session and blocked the account.
Now, what’s next? I am still finding my luck to retrieve my account. Even asked a few ex-colleagues. One of my friends suggested to report this to cyber crime. I got a few emails from the internet and emailed them. I got a response from one of them too. Later, I went to twitter to search for some handles there. And this is what I got from twitter. The Cyber crime had mentioned the exact same procedure of how hacking takes place on Instagram. After reading their tweet I felt like a complete loser. I was the one who used to guide everyone about social media safety, and I only fell into the trap. Why didn’t I get a second thought? I mean who changes the email ID like this? I was the one, I myself gave the complete access of my personal account to the hacker. I, who made many, many, many voting modules in life, completely, horribly failed to understand that we cannot vote by changing the email ID of someone else ID. I, who wrote many validations, completely failed to check the username of the cloned ID.
I, who was once a proud web programmer, now a complete failure. Can’t even imagine myself in such a situation. A very big nah-nah-nah-boo-boo for me.
If you are from India, and your social media account is hacked then you should definitely do this process. You have to fill a form on this website. https://cybercrime.gov.in/ . The form is lengthy but please have patience to fill it. At least you will be safe from your side that you have reported the problem.
Yes, I am a loser. A Big Loser.
Update 1: I was checking my profile from my other account. Since I have very few followers, hence checking the follower / following list is not a huge task for me. This is what I found. I request you all to “report” this account. This is a fake account.
Also, one thing I noticed is this website link. The account who hacked my ID had the same website link. So requesting you all, if you get any request which has this website link, then please do not accept that request. It might be the hacker.