My other half discovered that some dodgy person/company had managed to send instagram messages to all of her followers from her account. She changed her password immediately, but what could have happened here? Is it the case that a “hacker” had access to her full instagram account, or would they have used some tool that allows posting of messages via some kind of proxy without requiring access to her actual account? There was no record of other logged in devices on the security page of her account.

  • Gacrux@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    first of all i dont use instagram so i cannot guarantee what i have said. however i do have a fair bit of roblox experience and account stealing kinda happens all the time there.

    the website sent out could steal session details. most sites have a “remember me” feature so that you dont have to login every time you visit it. the server does this by giving your computer a unique identifier after you log in, so now that identifier can be used instead of a username and password. the website could steal that identifier and thus impersonate you, without getting your username and password.

    after doing this basically anything could happen, but most likely the account will be controlled by a bot to spread the ad further, eventually amassing some sort of botnet.

    in theory stopping the bot from accessing your account could be as simple as logging out of all devices the moment you fall for it, but im not too sure what would happen if you do it any later than that.

    i dont think a proxy actually exists. to pretend to be someone else you either make an account that has similar characteristics as the target or just steal the target’s account directly. is it literally every one of the followers that are targeted, 100%, or is it just most of them? it could be some sort of website like what i said spreading through the network of followers.