Hackers who prey on high-traffic Instagram accounts, often those belonging to celebrities or pop culture icons, have found new victims in the high-dollar world of legal marijuana, industry observers say.
Anthony Carbone, a marketing and security consultant who specializes in Instagram, says hackers have exhausted takeovers of accounts belonging to actors, sports stars and the like. “This is happening [to marijuana-related accounts] because the hackers have gone through all the celebrity accounts and exotic car pages in the last year and a half,” he says.
Hackers demand ransoms of $2,000 to $25,000 depending on the number of followers a victim claims, according to Carbone. The cost can be worth paying for businesses that rely on Instagram to make money, he says. Instagram itself can help users recover accounts, but sometimes not before greater losses mount.
“While an Instagram account takeover is a new twist
According to cybersecurity experts, marijuana-related accounts are prime targets for hackers because they often have a lot of followers, they're connected to companies that can rake in cash, and they're indispensable marketing tools for an industry still wary of coming out into the daylight.
“While an Instagram account takeover is a new twist, ransoming digital accounts is very common and has been going on for some time,” Eva Velasquez, president of Identity Theft Resource Center, said via email. “Scammers are always inventing new ways to exploit their targets.”
A manager at TLC Collective in Boyle Heights said an affiliated account with more than 300,000 followers — that of the Jungle Boys grow operation — was disabled for 24 hours recently, but “we got it taken care of.” The manager, who asked not to be named because of the precarious legal situation of L.A. cannabis operators, said hackers are known to demand $2,000 to $5,000 for a page's return; he wouldn't say if his employer paid up. “My boy got it back,” he said.
The operator of CaliCropDoc, a consulting firm for cannabis growers, said through a publicist that an affiliated model with 1.6 million Instagram followers had her account hacked after she promoted a giveaway for medical marijuana companies RxCannaCare.com and PathogenZERO.com. Her account was taken down and replaced with a smiley face that said, “You've been hacked,” the publicist said via email. The model was able to get her account back with the assistance of the Instagram help desk, she said.
Instagram security consultant Carbone, whose clients reach 18 million followers with 30 Instagram accounts, says hackers, based on a little research, can take over users' mobile phones by virtually switching their SIM cards. While some observers believe these hacks are coming from Russia, Carbone says, “It's a community of hackers around the world that does this just for shits and giggles.”
Velasquez recommends that marijuana businesses reliant on Instagram and other social media platforms review their best practices for security. “This includes such things as using strong passwords, installing antivirus on both your computer and mobile devices and not clicking on links or attachments you weren’t expecting,” she said.
The Instagram page for Alternative Herbal Heath Services, a collective in West Hollywood, went down Friday. Dispensary volunteer Christina Welsh says this is at least the third time the retailer's account was “deleted.” But she doesn't blame hackers, and she says no one has asked for ransom.
Instagram swiftly restored the account on previous occasions, she says, because the dispensary operates within the network's rules, even if some folks might find the pot imagery objectionable.
“Parents might have reported us,” she says.