In the internet age, businesses have expanded their reach from the storefront to social media for global exposure. Instagram, home to many self-built businesses, is an immense platform of over one billion monthly active users. With its growing global popularity, there are risks of criminals taking advantage of weaknesses in the platform’s cybersecurity. Dylan Chao, a junior graphic design major at the University of Maryland, Baltimore County, is a make-up artist and beauty influencer who was targeted by hackers for his following.
Chao began building his business in his senior year of high-school by posting his make-up looks on Instagram. Working hard for years, he built a following of 14k through his artistic creativity, promoting of brands and collaborations with fellow creators.
The hacker contacted Chao through his business email, proposing a collaboration between the two as a disguise. After he clicked the included link, he was kicked out of his Instagram account. The hacker changed all of Chao’s personal information on the account, which led Chao to believe that his years of hard work were gone forever.
Instagram’s help center is entirely automated. While they share a phone and email contact, a human customer service representative is not on the other side. Online, they only provide a F.A.Q to help users fix common problems. Chao went to submit a form to retrieve his business account, but the coding of the page prevented him from both seeing his entered text and hitting the submit button. He had to scour online forums for information and found a third-party keyboard application to fix the form’s bug and submit his Instagram help form.
Despite being a growing platform that encourages users across the world to trust them for personal socialization and professional business dealings, Instagram’s help center failed to meet Chao’s needs in a time of crisis. He wondered, “Why do I have to go through this entire process of downloading and flipping back and forth between apps just to submit a help form just to get help?” For business owners intending to market their products, this lack of accessibility is worrisome.
While Instagram was swift to respond to Chao’s help form and returned his account, the hacker was able to take over Chao’s account a total of five times over three weeks.
The recommended security feature for Instagram is its two-factor authentication system. Following their suggestion, Chao enabled it each time he received his account back. Their automated system notifies the last email associated with the account of all changes and sends a link to reclaim the account’s information if needed. The hacker, receiving these emails, used the two-factor authentication to their advantage to take back Chao’s account.
Currently, Chao’s Instagram is back and he is continuing his growing success as a beauty influencer. Reflecting on his experience, he shared that “People don’t really understand the severity of what happened … [they] don’t realize that for a lot of people, Instagram is more than just a personal profile; It’s a business account. [I’ve] built all these connections and worked hard. It’s a portfolio of [my] work.”
Going forward, Instagram and other platforms need to adopt workplace professionality in the realm of customer service protocol and cybersecurity. While Chao did not lose his portfolio, the threat still impacted his professional and personal life. He created a petition on Change.org as a call to Instagram to improve their system. Readers are encouraged to sign his petition and visit his Instagram, Tiktok and Youtube channel.
