Russians are apparently behind a strange hacking campaign that is taking over Instagram accounts, according to a report Monday from Mashable.

While no hard figures are given, at least several hundred users are reporting that they’ve found their Instagram accounts hacked and taken over.

“On Twitter, there have been more than 100 of these types of anecdotal reports in the last 24 hours alone,” the Mashable report noted. “According to data from analytics platform Talkwalker, there have been more than 5,000 tweets from 899 accounts mentioning Instagram hacks just in the last seven days. Many of these users have been desperately tweeting at Instagram’s Twitter account for help.”

The hacks all share a common story. Instagram users attempt to open the app to discover they’re logged out and when they try to log back in, they’re told that their username no longer exists. The accounts have the username, password and email address associated with the account changed, meaning that password recovery is impossible.

What’s missing from the story is the why, because it’s unknown why Russian hackers would want to hack Instagram accounts to begin with.

“We work hard to provide the Instagram community with a safe and secure experience,” Instagram said in a statement. “When we become aware of an account that has been compromised, we shut off access to the account and the people who’ve been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts.”

Travis Smith, principal security researcher at Tripwire Inc., told SiliconANGLE that although some of the users reporting issues didn’t have two-factor authentication enabled, it remains one of the most effective security methods.

“By having a unique code sent to your phone or leveraging a constantly changing pin code via an app, you can ensure that a hacker with your password will have difficulty getting into your account,” Smith said. But he noted that two-factor authentication is still a technical control implemented by humans.

“There may be other ways to bypass two-factor authentication outside of typical login methods,” he said. “Having strong and unique passwords for each account will minimize the chance that an attacker will reuse passwords from other breaches on accounts you’ve protected more heavily in the form of two-factor authentication.”

Photo: Kremlin/Wikimedia Commons