Case study: How my business Instagram was hacked

Kathy Kiedrzynski, founder of Kiyomee Blends, explains how she lost 43,000 followers after a ransomware attack on the business’s social media account.

19 May 2022

On 24 April, Ms Kiedrzynski woke up to a business owner's worst fear – her business Instagram had been hacked.

Approximately four to five weeks prior, Kiyomee Blends had applied via the correct avenue on Instagram to qualify for a verification badge. The badge would show consumers, including the account's 43,000 followers, that Kiyomee Blends was reputable and trustworthy.

The hack 

“On that morning I had a direct message (DM) sitting in my Instagram folder. It appeared like any chat that I would have daily with my customers,” Ms Kiedrzynski said. 

“I opened it and very excitedly read we had qualified for the badge we’d applied for. I had no reason to believe this was fraudulent, as this account had the Instagram logo, it was trademarked, had over 600 million followers to which big brands also followed. They had links within the message that would take me to live pages that also have been verified. All I had to do was refresh and re-sign in for my badge to appear.”

With complete trust that this was in fact Instagram direct, Ms Kiedrzynski signed into her account and instead of her blue verification badge appearing, she received an email within seconds stating there was an unauthorised device logged into her account. 

“I instantly attempted to change my password, but these guys were already in the backend of my account and had changed the language and used two-factor authentication on me, and in that very moment I watched my account be taken over by hackers,” she explained. 

“I was on the phone to technical support to assist in regaining access to my account. By lunchtime, I had spoken to Facebook business concierge via message and phone call. They then followed up with a case number and feedback report but I have had no correspondence from them since. I then reported, emailed and constantly called Instagram to no avail. I then began the facial recognition reports.”

Ms Kiedrzynski has now done facial recognition 72 times. Around 60 of Instagram's responses thanked her and said they would be in touch within one to two working days. She is still waiting.

The other replies from Instagram told her to simply unfollow the account and block the content she didn’t want to see.

“Within 10 hours of the hackers taking over, I received a message via WhatsApp from them, holding my account for ransom. They requested money and they’d return my account untouched. [Almost] 24 hours passed and they told me if I don’t pay, they’ll sell the account to someone else or they would delete all the content,” Ms Kiedrzynski said. 

“By this point, I was completely heartbroken; years of hard work and money invested in this page was all gone. These hackers have really affected our sales; as a small business, the hit was hard.

“For years now and currently we run ads via Facebook. How they can say I don’t own the account is beyond me, as the ad accounts are owned by me and then the business accounts branch from there.

“Another lesson throughout this experience as a brand is that Instagram doesn’t recognise me as the owner of the account because I don’t have photos of myself on the feed. When I started this range, it wasn’t about me, we share all the amazing customers that are experiencing our supplements so there is no need to feature myself daily as I work behind the brand. I did have 2 photos introducing myself as the founder and at our birthday celebrations, but it wasn’t enough for Instagram to help me.”

The aftermath

“We have had to start all over again, countless hours of reaching out to followers letting them know what’s happened, ensuring they don’t interact with this account for their safety and trying to get them to now follow another page in the support to rebuild our integrity and brand,” Ms Kiedrzynski said. 

“We lost years of content and now are left trying to fill in the gaps and recreate what’s been lost.

“I cannot say this enough, whether your business is an online service or product-based, please ensure you share the founders for facial recognition purposes. Use two-factor authentication on all platforms and change your passwords regularly because these guys are brutal and will go to any length to trick you and take over your accounts.”
