Instagram has partnered with other social media platforms, including Twitter and TikTok, to ban users who have been involved in stealing hundreds of one-word usernames.
These short, desirable handles, known as “OG Usernames” (think keywords like @Killer, @Sick, and @Miracle), are valuable because they stand out and confer status; the people who first took them away were early adopters. Cyber criminals buy and sell the usernames on special forums and messaging apps.
The crackdown, which began on Thursday, follows a months-long investigation by Instagram into ogusers.com, the main forum where these accounts are sold and traded. Instagram found that stolen account names were obtained through hacking, extortion, blackmail, and intimidation – then sold for as much as $ 40,000. Such manipulation has remained largely uncontrolled for years. (Ogusers.com was also the forum where last year’s giant Twitter hack that hit former President Barack Obama, Elon Musk, and many other celebrities was orchestrated.)
Ajay Pondicherry, 38, a real estate software entrepreneur based in Los Angeles, was one of Instagram’s first few thousand users, so he could easily claim the handle @Ajay. Over the years, people had offered to buy or trade his username, but he always refused to give it up.
“It was a sign that I was one of the early adopters of Instagram. I’ve always been a big fan of the product and with that handle I just proved I was on board early, ”he said. “I appreciated it more when people tried to get hold of me and trade and buy it from me. It had cachet. “
On February 21, 2019, Mr. Pondicherry found himself unable to access his email accounts. Then his phone stopped working. When he checked his AT&T account the next day, his number was linked to a new phone.
What Mr. Pondicherry experienced was a SIM swap, in which a cyber criminal misuses someone’s personal information to gain control of their phone number from a wireless provider, then uses two-factor authentication to access their personal accounts. After Mr. Pondicherry regained control of his AT&T account and attempted to log into Instagram, he discovered that his handle, @Ajay, had been stolen by the hacker.
SIM swapping is the preferred method of many cyber criminals to obtain valuable Instagram accounts and social media files. (It was also the method hackers used to take over Twitter CEO Jack Dorsey’s Twitter account in 2019.)
But recently, cyber criminals looking for OG usernames have resorted to harassment and threats. According to Instagram, the people behind the accounts banned on Thursday – some of which had millions of followers – had subjected the owners of desired Instagram handles to threats of slapping, revenge porn, and violence.
Jackson Weimer, 22, the administrator of a meme account called @ hugeplateofketchup8, said he has met hundreds of people who engage in this type of behavior online.
“Their main goal is to grow their pages, and selling these OG usernames is a game for a lot of them,” he said. “Their goal is to do this to as many people as possible. Every meme page has encountered one of these people. “
After drawing attention to these practices on his own Instagram, Mr. Weimer faced a barrage of intimidation. “They sent me pictures of my house on Google Maps,” he said of his harassment. ‘They told me they wanted to rape and kill my parents. They said I would regret it. They would often send me my address and create an account where they ‘exposed’ me on Instagram, where they just post and make up lies about me. “
Instagram said nine cyber criminals were behind the unauthorized seizure of hundreds of Instagram accounts, but the platform’s ban includes not only these nine users, but also intermediaries who helped orchestrate the buying and selling of accounts on ogusers.com and Telegram , an encrypted messaging app. Many of the middlemen are young people, including teenagers, who see short handles as status symbols.
“It’s like driving a fast car when cars are important,” says Dr. Argelinda Baroni, a clinical assistant professor of child and adolescent psychiatry at NYU Langone Health. “Children in general want to be validated. Children want to be cool. But children do very dangerous things to gain status. “
After noticing an alarming increase in account theft and escalation of the methods used to obtain usernames, Instagram took action in 2020 and began partnering with TikTok and Twitter to identify accounts across platforms.
“As part of our ongoing work to detect and stop non-authentic behavior, we recently reclaimed a number of TikTok usernames used for inappropriate account cracking,” a TikTok representative said in a statement. “We will continue to focus on staying ahead of the ever-evolving tactics of bad actors, including working with third parties and others in the industry.”
Twitter confirmed that the company had also banned users for violating the platform’s tampering and spam policies. “This research was done in conjunction with Facebook,” said a Twitter representative.
Rachel Tobac, a hacker and the CEO of SocialProof Security, who organizes security training courses and workshops, said the pandemic has pushed more young people into online communities where they can make money and find camaraderie.
“It’s actually a lack of support and an increase in economic hardship, particularly under Covid-19,” she said. “I want to emphasize that this is a social challenge that these minors end up in cybercrime in this way. We will always have criminals, but we will see people, especially minors, turn to cybercrime when there is a lack of a support system or a specific economic downturn affecting them. “
Instagram said it is sending cease and desist letters to individuals behind the theft of high-quality handles and it is working with local law enforcement agencies to hold those involved in criminal activities to account.
While Instagram has previously banned meme accounts for violating its terms of service, Thursday’s crackdown is the most public and decisive action Instagram has taken against people manipulating the platform for financial gain. But Will Dyess, the vice president of Dank Memes, an e-commerce and media company that operates several pages of coveted usernames, said he was skeptical that attempts to steal the account would ever disappear entirely.
“Will @Stonks ever be a target? Probably not, especially after last week,” he said, referring to the GameStop frenzy. “There will always be demand for certain usernames, URLs. The real estate of the Internet is finite.”
Mr. Weimer said that while Instagram’s account ban was a good first step, it doesn’t address the deeper problem: young users just want to make money on the platform.
“I think the pandemic has led many children to try to make money in every possible way, no matter how scam,” he said. “They have more time on their phones, they are at home more often, many children have lost their part-time jobs.”
“If Instagram really wants to solve this problem,” continued Mr. Weimer, “they have to go from top to bottom and start paying people who create content so there is no reason for people to make money in other ways.”