Username hacking consists of stealing rare and coveted usernames on platforms like Instagram, and then sell them for a profit.
Instagram has disabled hundreds of accounts that were stolen. Both TikTok and Twitter also took action on some of the accounts belonging to the same hackers, according to journalist and cybersecurity expert Brian Krebs.
Instagram is particularly targeting the community surrounding OGUsers, a marketplace well-known for reselling stolen usernames and helping facilitate account hacking through methods like SIM swapping. This method exploits weaknesses in two-factor authentification, allowing hackers to gain control of someone’s phone number and using it to reset passwords and take control of their usernames.
“Today, we’re removing hundreds of accounts connected to members of the OGUsers forum. They harass, extort and cause harm to the Instagram community, and we will continue to do all we can to make it difficult for them to profit from Instagram usernames,” a Facebook spokesperson explained.
It is the first time Instagram has publicly shared information regarding moderation against username hackers. Just a few days ago, Instagram announced a new feature that lets you restore recently deleted posts, a feature most useful when an account has been hacked and its content deleted.
According to Brian Krebs, it seems like Twitter and TikTok both took action against popular OGUsers community members, combining efforts with Instagram.
“As part of our ongoing work to find and stop inauthentic behavior, we recently reclaimed a number of TikTok usernames that were being used for account squatting,” TikTok told Krebs in a statement. “We will continue to focus on staying ahead of the ever-evolving tactics of bad actors, including cooperating with third parties and others in the industry.”
Ther targeted usernames tend to be single words and/or popular names that can be worth tens of thousands of dollars on the resell market.