top of page

Case Study: How a hacked Instagram account folded one business in seconds

Updated: Apr 17, 2023

Did you know that each day there are 500 million people using Instagram Stories and 95 million photos are uploaded to Instagram each day? If used properly, social media platforms such as Instagram can be extremely powerful tools for businesses. However, if they are used incorrectly, this can lead to data breaches, unauthorised access being obtained and impersonation accounts being created in your business's name.

Picture this (excuse the pun) you receive a seemingly genuine message from Instagram highlighting you to the fact that you might have violated copyright laws in some of your content and that you need to take immediate action to resolve the issue. However, the actions you then take immediately lock you out of your account, and the hours and hours of work you put into your account are gone, and your business is effectively lost.

Well, for one social media influence based right here in the South East, that is exactly what happened.

"I lost my whole business in seconds" - A real case study

The influencer received a message which at first glance seemed like an official message from Instagram. The message was positioned to scaremonger the user into thinking they had violated a copyright law, and in order to prevent the account from being closed within 24 hours, they needed to follow the onscreen instructions.

They clicked on the link, logged into their #Instagram account, and within seconds were logged out of their account. Their passwords were changed, and they were no longer able to access their account. This is a real example of a #phishing attack where the business owner lost access to a system they heavily rely on.

The business then received a #whatsapp message from the #hacker with instructions on how to pay so they could regain control of their account or face its deletion within 24 hours. The company had built their online presence over the last 8 years, so quite rightly were worried about the potential loss of valuable content and customer contacts.

So, how can I protect myself and my business and keep my accounts secure?

  • When did you last update your password? Make sure you are using a strong and separate password to protect your email - Don't use the same password on multiple accounts! Make sure that you're protecting your other important accounts, such as banking or social media.

  • Always enable two-step verification (2SV). It really simple to set up and will help you to stop hackers from getting into your online accounts, even if they find your password.

  • Be wary of messages which ask for your login details or authentication codes. Despite some messages appearing genuine or claiming to be from someone you know.

  • Use online support or help pages. If you can't access your account, you'll often find information about how to recover your account.

  • Always report suspicious emails you have received. Please forward scam emails to and suspicious texts you have received but not acted upon to 7726

If you think you've become a victim of a cyber-attack:

  • If you lose access to your account or a hacker has taken control, please follow the NCSC’s guidance on how to recover a compromised account.

  • If you receive a demand for money, do not pay the suspect so you can regain access to your account. It’s likely that the suspect will demand more money instead of giving you control of your account back.

  • If you have paid any money, contact your bank immediately and report it to Action Fraud online or call 0300 123 2040 as soon as possible.

The Cyber Resilience Centre for the South East exists to support sole traders, micro-businesses and SMEs across the region. We offer free membership which will inform you of the current threats gathered by policing intelligence, as well as providing simple steps to take to reduce your vulnerability to an attack. We also offer an opportunity to speak to our Head of Cyber and Innovation regarding your cyber security and concerns.


bottom of page