By Iris Harshaw,
On April 11, sophomore Noli Owczarzak Wright received a very strange message on his Instagram account from one of his Instagram followers. It read, “Noli WTF you’re really on here, @TheNastyList_47, you’re ranked 29! this is so wrong.”
Wright proceeded to visit the profile page of @TheNastyList_47. The account had zero posts, but there was a link in the account’s bio that looked like it would lead to the supposed ‘nasty list’ that might have Wright’s name on it.
“I was pretty sure [my friend had] been hacked, but I, rather stupidly, clicked the link out of curiosity,” Wright said.
The link led to a fake Instagram login page that was controlled by the account. Wright put in his username and password, expecting to be then rerouted to the “nasty list” page after. Instead, his screen read, “Sorry, this page isn’t available.”
On April 12, Wright’s own Instagram account sent out the same strange message to all his followers that he had received the day before.
According to Instagram’s “Privacy and Safety Center” page, “If your account is leaving comments or sharing things that you haven’t posted, your password may be compromised.”
At that point, Wright realized that he had given his login information away to a hacker, and his account was now in that hacker’s control.
“I felt mostly annoyed that I had to respond to 200 confused people,” Wright said.
The “nasty list” hacking scam has been spreading like wildfire on Instagram this past week.
Every time that a “nasty list” account gets shut down by Instagram, new accounts appear with slight changes in the username. Davis High students have been hacked by many accounts such as @TheNastyList_34, @TheNasty_List_384, and @The_NastyList_89.
Senior Sophie Lopez has been sent a message about the “nasty list” three times so far, but she fortunately didn’t fall for the scam. Lopez claims that she is always careful with her online privacy.
“I’ve never felt 100 percent safe using any type of social media. I’ve realized that whatever information you put on the internet is probably accessible to people I don’t know,” Lopez said.
Wright, on the other hand, after changing his password on Instagram, doesn’t feel any unease about the security of his account.
“[The scam] didn’t seem to have much purpose more than spreading the virus,” Wright said.
Along with changing their password, Instagram’s Help Center recommends that users should consider setting up two-factor authentication (2FA) if their account has been hacked.
2FA is a security protocol that, if enabled, sends an alert to a user’s phone when their account is trying to be accessed on an unknown device.
If you are already a victim of the “nasty list” scam, or want to protect your account from whatever the next big scam is, activating 2FA is a smart step to take.