Instagram, Twitter and TikTok join hands to crack down on hackers stealing rare usernames
Instagram, Twitter and TikTok are cracking down on hackers who gain access to and sell rare usernames on the platforms.
Cracking down on a specific bunch of hackers, Instagram has disabled hundreds of accounts that were stolen as a part of an online hacking operation that gained access to and sold rare and coveted usernames. Twitter and TikTok have joined in too to take action against accounts belonging to the same hackers, according to the report by cybersecurity expert and journalist Brian Krebs.
Instagram is mainly focusing on the community surrounding OGUsers, a website known for trafficking stolen usernames and helping facilitate the hacking of these accounts through methods like SIM swapping. SIM swapping is when someone gains control of another person's phone number and uses it to reset passwords and take over social media handles.
The first reports of Instagram's enforcement were shared by Reuters.
“Today, we're removing hundreds of accounts connected to members of the OGUsers forum. They harass, extort and cause harm to the Instagram community, and we will continue to do all we can to make it difficult for them to profit from Instagram usernames,” a Facebook spokesperson told The Verge.
This is important since it is the first time Instagram has publicly shared information about its moderation efforts against username hackers. Instagram also released a new feature that will help people recover their deleted posts, in case a hacker takes over anyone's account and wipes it clean.
Krebs reported that the crackdown was a joint effort of sorts with Twitter and TikTok, and those platforms were also taking action against popular OGUsers community members on their respective platforms. It is not clear, though, how coordinated this effort is between the three companies and how far-reaching Twitter and TikTok's enforcement is in these cases.
“As part of our ongoing work to find and stop inauthentic behavior, we recently reclaimed a number of TikTok usernames that were being used for account squatting,” TikTok told Krebs in a statement.
“We will continue to focus on staying ahead of the ever-evolving tactics of bad actors, including cooperating with third parties and others in the industry,” TikTok added.
Besides disabling the accounts that were stolen and rendering them worthless, Instagram, Twitter and TikTok have also disabled some accounts of well-known OGUsers middlemen who act like intermediaries during these username transactions by “holding funds in escrow in exchange for a cut of the fee”, as Reuters reported.
OGUsers made news in the summer of last year when a small group of hackers affiliated with the site allegedly participated in a Twitter hack that reset passwords on many high-profile accounts, like those of Barack Obama and Elon Musk, and used their access to run a bitcoin scam.
Much like the 17-year-old Graham Ivan Clark, who was at the center of the Twitter hack, many individuals who frequent OGUsers are minors who are drawn into the community “by the allure of stealing and retaining a rare username of their own”.
As The Verge explains, “these usernames tend to be single words — in rare cases, individual letters or numbers — and they can fetch tens of thousands of dollars on underground markets for stolen digital goods”. Since platforms like Instagram and Twitter have rules barring the buying and selling of accounts, the hackers who procure these coveted handles often resort to illegal means to obtain them. SIM hacking is a popular method, but standard phishing as well as sustained online harassment, extortion, and even swatting are other known techniques, Reuters reported.