My other half discovered that some dodgy person/company had managed to send instagram messages advertising handbags to all of her followers from her account. She changed her password immediately, but what could have happened here? Is it the case that a “hacker” had access to her full instagram account, or would they have used some tool that allows posting of messages via some kind of proxy without requiring access to her actual account? There was no record of other logged in devices on the security page of her account.

Update: She’s just been through her junk email folder and found a “We’ve noticed a new login” email from instagram yesterday, so I presume that means they were fully in to the account then. How they got the password is anyone’s guess, but could be any of the suggestions below. Thanks all for the responses.

  • towerful@programming.dev
    link
    fedilink
    arrow-up
    3
    ·
    6 months ago

    She’s just been through her junk email folder and found a “We’ve noticed a new login” email from instagram yesterday

    The junk-ing security notices is so common.
    A few months ago, my dad said “uh, I got some email from my bank, and now my credit card doesn’t work”.
    The email was describing some problem with his account which would have been so much easy to fix before they cancelled the card.
    Similarly, I lost a domain name because the registrar notifications for renewal ended up in my junk mail.

    It’s probably quite a significant issue. Companies can go “well we tried to contact you” and wash their hands.
    Doesn’t matter that they also spammed bullshit marketing emails from the same address that issues security/renewal notifications.
    Doesn’t matter that spam email has been such an issue it is near-impossible to host your own email server (and expect delivery) for a decade or so now.

    • SolOrion@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      6 months ago

      Meanwhile my main email account has started getting “WALMART.WIN.CONFIRMATION PLEASE REPLY TO LOCK IN YOUR NEW IPAD” emails from a4c9z4jskp8e8_a4c9tgz4jskp@cardci.de (I mangled that email a bit but it’s close to accurate) about once a week. Just… in my main fuckin inbox.

      It’s frustrating because it’s so obviously spam.