Skip to main content

Instagram, TikTok, and Twitter team up to crack down on hackers who steal rare usernames

Instagram, TikTok, and Twitter team up to crack down on hackers who steal rare usernames


Hundreds of accounts affiliated with the OGUsers community have been disabled

Share this story

Illustration by Alex Castro / The Verge

Instagram has disabled hundreds of accounts that were stolen as part of online hacking operations designed to gain access to and sell rare and coveted usernames, the company tells The Verge. Both TikTok and Twitter also took action on some of the accounts belonging to the same hackers, reports journalist and cybersecurity expert Brian Krebs.

The Facebook-owned platform set its sights mainly on the community surrounding OGUsers, a website well-known for trafficking in stolen usernames and helping facilitate the hacking of these accounts through methods like SIM swapping, which is when a user gains control of someone’s phone number and uses it to reset passwords and take control of social media handles. News of Instagram’s enforcement was first reported on Thursday by Reuters.

“Today, we’re removing hundreds of accounts connected to members of the OGUsers forum. They harass, extort and cause harm to the Instagram community, and we will continue to do all we can to make it difficult for them to profit from Instagram usernames,” a Facebook spokesperson tells The Verge. The disclosure is notable because it’s the first time the platform has publicly shared information regarding moderation against username hackers. Earlier this week, Instagram released a new feature that lets people recover deleted posts, in the event a hacker takes control of their account and wipes it clean.

Facebook and Instagram are taking action against online username-stealing communities

Krebs reported on Thursday that the crackdown was something of a joint effort, with Twitter and TikTok also taking action against popular OGUsers community members at the same time on those companies’ respective platforms (although it’s unclear how much coordination there was between the three companies or how far-reaching TikTok and Twitter’s enforcement was).

“As part of our ongoing work to find and stop inauthentic behavior, we recently reclaimed a number of TikTok usernames that were being used for account squatting,” TikTok told Krebs in a statement. “We will continue to focus on staying ahead of the ever-evolving tactics of bad actors, including cooperating with third parties and others in the industry.”

In addition to disabling the accounts that were stolen, rendering them worthless, the social platforms have also disabled some accounts of well-known OGUsers middlemen who act as intermediaries during username transactions by holding funds in escrow in exchange for a cut of the fee, reports Reuters.

OGUsers made headlines last summer when a small cohort of hackers affiliated with the site allegedly participated in an unprecedented Twitter hack that involved resetting the passwords on the accounts of dozens of high-profile individuals and companies, including Elon Musk and Barack Obama, and using their access to run a bitcoin scam. Like the individual at the center of the Twitter hack, then-17-year-old Graham Ivan Clark, many of the hackers Instagram is cracking down on today and those who frequent OGUsers are minors, often drawn into the community by the allure of stealing and retaining a rare username of their own.

These usernames tend to be single words — in rare cases, individual letters or numbers — and they can fetch tens of thousands of dollars on underground markets for stolen digital goods. And because platforms like Instagram and Twitter have rules barring the buying and selling of accounts, the hackers interested in procuring one of these coveted handles often resort to illegal means to obtain them. SIM hacking is a popular method, but standard phishing as well as sustained online harassment, extortion, and even swatting are other known techniques, notes Reuters.