Instagram hacks traced back to Russian domains, FBI asks users to report immediately

CHICAGO (WLS) -- The I-Team investigated Instagram hacks that led back to Russian email domains. The FBI says people should be reporting these potential Russian hacks immediately.

"I don't know what the hackers' intensions are," said Aaron Campbell.

Campbell's Instagram hack was an Instant nightmare.

He heavily relies on the platform with 1 billion users worldwide to communicate with friends and family, and to post photos of his life and music.

"It feels like something has been taken from me that was mine that I now can't have back," he said.

Campbell's account was recently hacked and then frozen with a new profile picture from the movie of the same name.

"With someone else having access you just never know what a person's intents are. They could create a duplicate account out there and try to impersonate me," Campbell said.

At first, he turned to Instagram for help.

"Help me recover my account. And not just me. There are countless other people that have reached out via Instagram's' Facebook page. If you look in the comments, there are still tons of complaints coming in of people who have received no help and are just like me in this endless automated help cycle getting nowhere," he said.

The I-Team also saw those comments on Instagram's Facebook page, users who said they are getting nowhere. The platform does offer links to recover hacked or blocked accounts, but there are no tech representatives to call.

"It really crushed me because it had all my pictures with band members and my sister," said Julia Duerig.

Duerig's Instagram account was hijacked too. She had just posted a campaign to raise funds for a juvenile cancer foundation.

"I made a separate email account just to message them because they stopped responding to my previous emails," she said. "They were like 'we can't help you until you send us all the information,' the email address and phone number you signed up with, and I kept getting that email every time."

Duerig and Campbell both discovered their hackers' email addresses are from a .ru domain. That domain is based in Russia.

"So the fact that it is based in Russia where they are coming from makes you think of the propaganda efforts that the government of Russia or Russians entities have with regards to influencing mindsets and the political activities here of Americans here in the U.S.," said Steven Gomez, ABC News Security Consultant & Contributor.

Also a former FBI agent, Gomez said the trend is alarming.

"With the midterm elections coming up this is a big concern," he said. "They could be pushing out images not only of candidates but also of circumstances and policy positions that candidates are taking which could influence Americans that are going to vote."

Instagram declined the I-Team's requests for an interview, only offering those user help links and saying people should use a strong, unique password.

They also said people should "revoke access to any suspicious third-party apps and turn on two-factor authentication."

Instagram also posted on its blog that they are investigating the hacking issue.

Weeks after the I-Team became involved, Instagram helped Duerig and Campbell regain access to their accounts.

Instagram did not explain how our viewers' accounts were compromised and they did not respond to questions about those Russian domain emails.

Experts say you should regularly change your passwords on all social media accounts and use apps to help you generate passwords which are not related to your life at all. No birthdays, no street names, no pet names.

FULL STATEMENT FROM INSTAGRAM

We are aware that some people are having difficulty accessing their Instagram accounts. As we investigate this issue, we wanted to share the below guidance to help keep your account secure:

- If you received an email from us notifying you of a change in your email address, and you did not initiate this change - please click the link marked 'revert this change' in the email, and then change your password.

- We advise you pick a strong password. Use a combination of at least six numbers, letters and punctuation marks (like ! and &). It should be different from other passwords you use elsewhere on the internet.

- You can also use the steps outlined on this page to restore your account. Please use a new, secure email address to restore your account.

- Finally, revoke access to any suspicious third-party apps and turn on two-factor authentication for additional security. Our current two-factor authentication allows people to secure their account via text, and we're working on additional two-factor functionality with more to share soon.

For more information, please visit the Instagram Help Centre which includes steps you can take to restore your account, as well as Security Tips.

We have dedicated teams helping people to secure their accounts. If you have reached out to us about your account, you will hear back from our team soon.