NewsTeam 10 Investigates

Actions

San Diego man said hacker stole his Instagram account and demanded ransom

The hacker demanded money in Bitcoin.
Posted
and last updated

SAN DIEGO (KGTV) - A San Diego man building his travel brand on Instagram said hackers tried to take it all away.

Claudio Copiano Jr. runs the account @globalvagabonds. He posts pictures from his travels all around the world and advises people on how to travel on a budget. He’s traveled around the United States and about 30 other countries so far. Copiano has received partnerships with two countries to post about his travels. Eventually, he hopes to build it into a full-time income.

“I want to show everybody what I do,” he said.

Recently, Copiano received a notification from Instagram saying his email had been changed. “I clicked on ‘forgot my password,’ even though I know my password,” Copiano said.

He still could not log in and started to panic. Then, he started to receive emails from someone who said he had hacked the account. The hacker demanded $300 in Bitcoin for the return of the account. Copiano said he sent dozens of emails to Instagram with no luck.

“I got an email the first time from them saying that my account had been deleted and there was nothing that they could do,” Copiano said.

Fortunately, he was able to figure out the new name of his account and determined it was still active. He said Instagram sent security codes to access his account but it was sent to the hacker’s email.

Copiano is still not sure how he got his account back, but said after dozens of attempts, the security code was sent to his phone and he was able to access his account. He immediately changed his password and emphasized he did not pay the ransom.

“You should never send money to a hacker because he’s not going to give you your account back,” Copiano said.

Security expert Ted Harrington, executive partner with Independent Security Evaluators, agrees.

“The reason you don’t pay the ransom is that [it] just further incentivizes other bad guys to keep doing this,” Harrington said. He also encourages people to contact the FBI if they believe they are a victim of a crime to file a report.

Harrington also said two-factor authentication is vital to keeping an account safe. It is something Copiano did not have at the time, but added it right after he got his account back.

“Two-factor authentication is essentially an additional way to verify who you are,” Harrington said. “Two-factor authentication is one of the most impactful security features that exist today.”

A spokesperson with Instagram said they recently launched a new in-app experience making it easier for people to sign in and reclaim an account if it has been hacked. They sent the following information to Team 10:

  • There are two ways to access this experience: 1) if we detect you are having trouble logging in (for e.g. if you repeatedly enter an incorrect password), or 2) by clicking “Need more help” on the login page.
  • The experience will ask you to enter different types of information specific to your account, for example, the email address or phone number associated with your account, or the email or phone number you used when you signed up to Instagram.
  • From there, we will send a 6 digit code to the contact information you select, which will allow you to regain access to your account. When you re-gain access to your account, we will take additional measures to ensure a hacker cannot use codes sent to your email address of phone number to access your account from a different device.
  • This experience allows you to recover your account even if the account information has been changed by a hacker e.g. if the username and associated contact information is changed.

The Instagram spokesperson also said if someone gains access through a compromised email account, people can follow steps detailed on the Help Center.