Citrine Marketing

View Original

Insta Nightmare: How Brand Strategist Hilary Hartling Handled Her Instagram Account Hack

Hilary Hartling is a brand strategist that helps businesses gain clarity around how they want to present themselves to the world. In 2017, she worked hard to build up her Instagram presence and following, making it the milestone 10K and beyond. 

In May 2018, Hilary's account was hacked and almost gone forever. She chats with me about what the experience taught her and how she recommends other entrepreneurs protect themselves and prioritize their efforts. 

When you first discovered your account was hacked, what did that look like? Was it completely gone from Instagram—handle, imagery, and all? 

I woke up on a Sunday morning (it was Mother’s Day, actually, while my mom was in town visiting me) to two DM’s on Facebook with screenshots of my Instagram account with the red Turkish flag as my profile pic, Highlight's graphic and post announcing that they HACKED my account.  They were literally boasting that they'd hacked my account!  I have a separate IG account under a different email (an old blog name I had started and then abandoned a couple years ago) that I could still access and I went searching for it through that account, but nothing.  At that point, several friends and followers were sending me screenshots of my account in the various stages of what was happening - first with all my images still there and just new awful suicidal type photos the hackers were posting, seeing it change names several times, then they deleted ALL of my content off the page entirely.

What was your initial reaction to learning you were hacked? What was your course of action? 

I literally thought my account was gone forever.  When you’ve spent 2 years growing your account, making it a business account to cultivate your brand and gain a following, and counting on that platform to reach your audience, it’s a shock to see it all gone in an instant.  It honestly feels like your house being burglarized.  Someone has come into your space and taken what’s yours.  My heart literally stopped for a second when it happened and while I went into action quickly, I stayed calm and thought, well maybe this is the Universe telling me I need to have more ways of reaching my audience and I need to diversify my communication platforms further.

My first course of action was calling the 1-800 number for Instagram.  Instagram has no service/call center and their phone message simply directs you to the online Help Center.  The online help center cannot actually help you if you’ve been hacked.  It takes more than reporting it to solve the problem.  Then, I thought of everyone I know who actually works with or knows someone at Instagram: old Disney marketing colleagues, one of my ex-clients who has direct Facebook contacts, and my brother.  Thank goodness my brother had a contact there who went above and beyond for me.

Do you know who did it and/or how they came to find your account?

It was Turkish hackers…I don’t know why they targeted my account or how they found me.  I still can’t understand the reason for hacking - - - it’s not like they’re going to keep my following by posting their version of content.  I think it’s purely malicious and done simply for the shock factor, showing they have the power to take what’s not theirs.

You were able to get help from Instagram, which is a hard thing to do. How did you get in touch with them and what was their course of action? 

I actually don’t think it’s possible to recover a hacked and stolen IG account without Instagram’s direct help, and even then, it’s hard. 

Turns out, my tech-savvy, UI / web and app designing brother knows a designer at Instagram and literally without my brother and his relationship with this awesome friend at IG, my account would be lost forever.  

They traced my account, found it, and as they were trying to “take it back,” the hackers could see that and kept trying to change the password again and again to keep it out of our reach.  As Instagram assigned the account back to my email address, I kept receiving updates from Instagram Turkey about changes in passwords and finally ended up receiving the security code for the hackers’ two-factor identification code, which my brother took, logged back in, used their code and grabbed my account back.

It was 4 long days of waiting and watching and crossing all my fingers and toes, and taking fast action to grab the hackers’ code before they realized I received it, to switch the account back under my control.  Then, the next day, Instagram was able to recover all of my past content that was deleted.  When that happened I heard from a ton of people because all the hackers’ content flooded back along with mine and I had to go through and delete all of their gray/red/suicidal crap.

Once your account had been recovered, what state was it in? Did they do any damage? 

When I got my content back and took a moment to be super grateful, I noticed several things they did to my account: 

  1. They unfollowed almost every account I had been following (before they hacked my account, I was following approximately 1,800 people and when I go it back I was following about 120…alot of which I had to delete because it was people the hackers wanted to follow, not me).
  2. They blocked TONS of accounts that I followed and/or engaged with regularly so those people didn’t know what happened to my account and couldn’t find me even if they looked me up.
  3. They also switched my account from a business account to a personal account…and it’s funny, I didn’t realize that until recently and I still need to go back in and correct that.

How are you safeguarding yourself against this happening in the future? Do you have any recommendations for others? 

It’s so important to be secure.  Your account really can’t be hacked unless you have a weak security system.  I did NOT have two-factor authentication set up on my account, which would’ve saved me from being fully hacked in the first place.

The other recommendations I’d have for others is to be sure you’re not using the same password across multiple logins (no matter what it is you’re logging into).  And, be sure your passwords aren’t “easy”…they need to be complex 10-15 characters with letters, numbers and symbols so they’re not easily “guess-able.”

In what ways has this experience opened your eyes in terms of your marketing efforts? Are you putting any less emphasis on Instagram now? 

I’d just been telling some fellow entrepreneurs that I really needed to prioritize getting people off of social media and onto my email list so that I’d always have a way to communicate to the bulk of my audience and not have to rely on social media to talk to my ideal clients.  

Funny, right?  Well, after this experience, yes I still use Instagram to promote and talk about my business, what I’m up to behind the scenes and give entrepreneurs tips and tricks to help them brand their businesses.  However, I’m in full GO mode over here at Hilary Hartling HQ planning new ways to grow my email list and have some fun freebies and events coming that will be a great way to engage with my audience, given them some great value tied to cultivating their brands and to grow my list.

In a nutshell, I’m not de-emphasizing Instagram, but I am prioritizing my email list and figuring out the best way for my brand to live in the world whether we have access to social media platforms or not.

Follow Hilary on Instagram and sign up for her email list here