top of page

Cyber Criminals Post Explicit Images On 18-Year Old Surfer’s Instagram Account

An 18 year-old Australian star surfer by the name of Blaze Roberts has had her Instagram account corrupted by cyber criminals. Ms. Roberts was made a victim of a phishing attack, in which the adversaries sent her an email prompting her to click on a malicious link. The link served as a backdoor to corrupting her Instagram account, which the attackers used to post sexually explicit images to Roberts’ 40,000 followers.

Ms. Roberts says she believed that the malicious email came from Instagram itself, but it served as a front for the group of criminals to abuse her account. Apparently, the real Instagram has not been much help for Roberts to regain her social independence.

Instagram’s security procedures consist of asking a user to verify their identity by sending a recognizable photo of themselves to the Instagram security team holding a piece of paper with a written security code. The hackers also followed this procedure (Roberts saw photos of a bearded man in a gray shirt and a woman with strawberry-blonde hair in her outbox). She has contacted Instagram multiple times to expel the adversaries and to regain access to her account, but the response has been less than satisfactory:

“I kept messaging Instagram with screenshots and photos to try and send them the proof and they kept saying they didn't have enough proof and they didn't know what I was talking about." - Blaze Roberts (On alerting Instagram that someone has gained unauthorized access to her account)

Graham Cluley, a security consultant and blogger, offers practical reasons for why hackers would want to corrupt a social media influencer’s Instagram:

"Why did the hackers target a popular Instagram account? They probably wanted to exploit its large following – maybe they had plans to scam followers into handing over personal information, or perhaps they had plans to hold it for ransom." -Graham Cluley

However, in viewing the popularity and success that Roberts has earned, the hackers could also have been motivated to damage the influencer-reputation that Roberts has worked so hard to build.

Currently, Ms. Roberts has unfortunately not been able to recover her old account, but has had to create a new one. In regards to her private information, it is concerning as to whether the hackers have gained access to her bank records, private contacts, or other critical data connected to her email account.

In all cases, Instagram’s account recovery process needs considerable work. What is suggested is that Instagram re-evaluate its security policy to ensure that a user is who they really say they are. How to do so is easier said than done, but it would be best to start at their authentication process.


bottom of page