Hi, I need help with something that’s really driving me nuts.
I woke up to my Instagram having posted a spam fake Rayban sunglasses picture that’s clearly a virus or something.
I did not have 2fa enabled, but I did have a unique password something like [email protected]$GFSY#56t that’s not used anywhere else and was generated by Lastpass. I have checked the email and password on haveibeenpwned and it’s negative.
Anyway, I go to security and see an active session from Taiwan. I figure this is the end of it, I change passwords, enable 2FA and sign out all other sessions.
I wanted to trace back when and how the account was accessed, so I downloaded the data archive from Instagram and found out that:
1- There was never any other logged in IP other than mine which is not in Taiwan.
2- There was no new login in the past month other than my own IPs.
3- Since it’s common to also steal an email and hide all login alerts in spam, I went to see the history of emails Instagram sent to me, and it never sent an email about a new or suspicious login. My email is also 2FA enabled and has a unique password.
4- I scanned the PC out of panic with Malwarebyes, Kaspersky and Defender. All clean.
5- The account does not, and did not have in the past, 3rd party access, as confirmed on Instagram itself.
Which leaves me with the question…how could this have possibly happened? Does anyone have an explanation?
If the account had a successful login from Taiwan:
1- Why didn’t Instagram send me an email? (For anyone who skipped above, Instagram’s own data says an email was never sent)
2- How did he guess a unique randomly generated password that’s not used anywhere else? (For anyone who skipped, AV scans returned clean)
Not having answers to these questions leaves me very nervous right now despite the fact that this was 4 days ago and nothing suspicious has happened since.