Instagram users are getting caught up in a mysterious hacking epidemic that appears to be linked to Russia.
A growing number of frustrated users report being locked out of their accounts – and no one seems to know why.
There's been a spike in reports of cyber-attacks on Instagram across various social sites.
A report by Mashable reveals that Twitter users tweeted Instagram's account with the word "hack" 798 times in August – compared to just 40 times during the same period in July.
The article notes a similar jump in hack reports on Reddit.
And search traffic tracker Google Trends highlights some curious jumps in searches for the term "Instagram hacked" on August 7 and 11.
One user called Krista, who has more than 4,500 followers, discovered she had been logged out of her account.
When she tried to get back in, she soon learned that her username and photo had been changed, as well as the email address and phone number linked to her account.
A bid to reset her password revealed that her account was now linked to a .ru Russian domain email address.
Mashable spoke to half a dozen Instagrammers, all of whom had been hacked – and had their accounts linked to Russian email addresses.
Speaking to The Sun, Andy Norton, director of threat intelligence at Lastline, said: "There are many choices for email service providers and there are quite a few .ru providers.
"Possibly the attacker is comfortable in the Cyrillic language as list.ru has been used in one example."
What's concerning is that hackers are gaining access to accounts that are technically secure.
Some of the hacked accounts have two-factor authentication: this means you not only need a password to log-on, but a unique code sent over email or text message, too.
This is to prevent hackers who guess your password from getting into your account.
But it seems some digital crooks have found a way to skirt these safeguards.
"Although most of the accounts that have been taken over do not use 2FA, there have been anecdotal reports that some of the accounts were using this security option," Rob Shapland, Principal Cyber Security Consultant at Falanx Group, told The Sun.
"Although this is an excellent security control and should always be used, it's not fool proof and can be defeated if someone is either able to take control of the mobile phone number that receives the text message code, or if they can trick the account holder into visiting a fake version of the real website, which interacts with the real website and prompts the user to enter the two-factor code. "It's also possible the users' computers have already been hacked, which would then allow the hackers easy control over any accounts they are using."
This means it becomes very difficult to regain access to your account, because Instagram typically uses your email address or phone number to let you change your password.
"The maze that Instagram sends you on to get your account back is laughable and leads to broken/dead links and emails from robots which lead nowhere," said Abagail Nowak, who was caught up in an Instagram hack.
Another described the process of regaining account access as "extremely stressful".
We spoke to one Brit who had been hacked, who told us she had been left locked out of her account for three days – and still doesn't have access.
Jordan, 19, from Wiltshire, said: "I reported my account as hacked and then was sent the same automated email everyone else has got telling me to write a description of what happened and then a photo of me holding a sign with my @ and a code.
"But it seems Instagram are slow at responding to this, if they even respond at all," she told The Sun.
The Sun found a large number of tweets from users complaining about their Instagram accounts had been nabbed by crooks.
One moaned: "Hi Instagram your help centre is so unhelpful.
"How am I supposed [to] gain access to my hacked account if all you want to do is send an email asking me to reset my password and that email has been changed to theirs?"
Another said: "Someone hacked my Instagram account and Instagram won't help me."
That same person shared images revealing that her account email had been changed to a Russian address.
The pictures included on the tweet also showed that the user's phone number had been removed from her account.
In any case, it's still worth keeping two-factor authentication on your account, as it gives potential attackers another hurdle to get over.
We've asked Instagram for comment and will update this story with any response.
This story originally appeared in The Sun.