Video Screencast Help
Security Response

Instagram Hoax: Over 100,000 Users Repost Bogus Account Deletion Message

Created: 16 Dec 2013 23:23:48 GMT • Updated: 23 Jan 2014 18:02:22 GMT • Translations available: 日本語
Satnam Narang's picture
+1 1 Vote
Login to vote

Over the weekend, a hoax about mass account deletion made its rounds on photo-sharing app Instagram. A bogus account @activeaccountsafe, posted a photo which claimed to be a privacy policy update from Instagram. The photo reads:

“On December 20, 2013 we will be randomly deleting a huge mass of Instagram accounts. Many users create multiple accounts and don’t use them all. This cost us $1.1 million to run inactive accounts. These accounts become inactive and then create spams. In order for us to keep al spam off of Instagram we will be randomly deleting accounts. To keep your account active REPOST this picture with @ActiveAccountSafe & #ActiveAccountSafe . We’re doing this to keep active users online.”

Instagram Hoax 1 edit 2.png

Figure 1. The hoax Instagram account @ActiveAccountSafe

The account amassed close to 100,000 followers, while the hashtag #ActiveAccountSafe has racked up nearly 150,000 posts.

Instagram Hoax 2 edit 2.png

Figure 2. Nearly 150,000 posts using the hashtag #ActiveAccountSafe

We recently discovered a scam which duped 100,000 Instagram users into giving up their login credentials. Unlike the previous scam, this one did not ask users to login with their Instagram login credentials. It merely asked them to re-post a photo. However, the message is clear: social network users are constantly targeted by scams, spam and hoaxes and these campaigns succeed, which is why those responsible for them keep pursuing them..

Instagram users need not worry about plans to delete a large number of accounts on December 20, as it was all part of the hoax. Instagram has disabled the account and the hashtag is no longer searchable.

Symantec Security Response advises users to follow the official Instagram account and check the Instagram blog for updates to confirm any changes to privacy policy.