Ask HN: How does my Instagram keep getting compromised?

I was an early Instagram user and got my nickname as my handle and I keep getting either locked out of my account or compromised altogether.

Over the years, hackers have tried a number of things to steal my handle and I can usually tell how they get in. These days, I have no idea. I've been SIM swapped a handful of times. One time a hacker faxed a fake ID to Godaddy to try and swap out my domain to gain control of my email (they were successful).

Now, I will try to log in to my account and will just be locked out. The email I created specifically for Instagram is not recognized, and there is no way to reset my password.

I have two-factor auth on, I don't use the same password anywhere else, I change it regularly, etc.

My current theory is there is some employee at Meta that's ultimately stealing the account. Does anybody have any idea how they're hacking me?

PS: the worst part about all this is in order to get the handle back, I have to pull strings with folks I know at Meta, for a normal user, they would have absolutely no way of regaining access...

[Update] Just got the account back and still have no idea how my email was removed from the account...

[Update 2] Reviewing the security section I see a password reset email was sent to [username]@instagramz.com. No clue how or who changed the account email to that though.

---

Comments URL: https://news.ycombinator.com/item?id=29715989

Points: 107

# Comments: 72

from Hacker News: Front Page https://ift.tt/33TvceS
via