Instagram users are taking to Twitter tonight to complain that they have been hacked, with photos of smoothies posted to their accounts without permission. Those affected also say that a strange URL has been placed in their Instagram profile bios. Reports first started surfacing about the issue on Twitter around 11PM ET. Some Instagram users began tweeting that they were locked out of their user profiles after trying to reset their passwords. Others said that photos from the breach disappeared before they had a chance to remove them. In most cases, the added bio URLs remained in place even after the photos were taken down.
@instagram i've been like locked out of my account, i had to change the password because it got spam attacked and now i can't log in, help.— Jordan Phelps (@ItsThatJordan) July 27, 2013
At this point it's unclear how many users are affected, and whether this is a case of someone breaking into Instagram servers, password harvesting, or something else. In the meantime, we'd recommend against tapping on the mysterious URLs, which are constructed to look like BBC news links. We've reached out to Instagram and its parent company, Facebook, for comment — we'll update you here with any further details.
Big security breach definitely happening on Instagram. This is the third hacked account I've seen including mine. pic.twitter.com/sWvoZBeVIo— Graham Hancock (@grahamhancock) July 27, 2013
Update: Instagram has confirmed the hack in a statement to The Next Web:
Last night a small portion of our users experienced a spam incident where unwanted photos were posted from their accounts. Our security and spam team quickly took actions to secure the accounts involved, and the posted photos are being deleted.