If you’ve been noticing a strange rise of fruit-related pictures in your Instagram feed today, don’t worry. Your friends haven’t become (even more) obsessed with taking pictures of their healthy meals.
Well, you might want to worry a wee bit, because the pictures might be linked to a fruit-themed spam attack that’s slowly making its way around the popular photo-sharing service. It’s unclear just how said spammers are getting a hold of users’ login credentials, but the attack results in a number of pictures of fruit – of all things – being posted to a person’s Instagram account.
The text accompanying the pictures also includes a Bitly hyperlink – clicked on more than 35,000 times as of this article’s writing – that takes users to a fake BBC page promoting weight-loss coffee.
“Ever seen this stuff? I guess its super healthy, im giving it a try. I saw it on Dr Oz’s show! Link is in my bio #lovemyfollowers #health,” reads an example of one spammy photo’s description.
To its credit, Bitly is now throwing up a giant warning message for users attempting to click through to the aforementioned link. It’s possible the fake BBC site could just be a follow-through for the spam attack that attempts to pull money (and credit card credentials) from users foolish enough to place an order for the coffee, but there could also be some kind of method for pulling a user’s login credentials hosted on the site itself. That’s the part we remain a bit in the dark on – how spammers get one’s credentials in the first place and load up one’s account with the fruity photos (in addition to changing a user’s bio to reference said fake BBC page).
Update 12:59 PT: An Instagram spokeswoman responded to our request for comment with the following: “Earlier today a small portion of our users experienced a spam incident where unwanted photos were posted from their accounts. Our security and spam team quickly took actions to secure the accounts involved, and the posted photos are being deleted.”
Anecdotally, it’s happened to multiple tech-savvy users in AllThingsD staffers’ feeds, including at least one Facebook employee. Om Malik over at GigaOm is also seeing similar activity in his own feed.
Instagram seems to be auto-recognizing some of this suspicious activity. One affected user I spoke to told me that Instagram sent him a standard password reset email shortly after he noticed the errant activity, and he was automatically logged out of the service. He changed his password and seems to be fine right now.
Something odd though perhaps unrelated: Twitter also saw a surge in spam earlier in the week, also focused on odd diet programs and suggestions. Related? Maybe, maybe not.
Still waiting for Facebook to explain exactly what’s going on. We’ll update when we hear back.
Meanwhile, look on the bright side: At least the spammers left our latte pics alone.
If you are an Instagram user, there’s a good chance that you’ve seen quite a few photos of fruit appearing in your stream recently, along with messages extolling a miracle fruit diet. Spammers are posting the photos to a user’s profile, as well as changing the URL in that person’s bio.
The scale of this seems to be pretty large. The link (which has been generated through bit.ly for some users) takes you to a fake BBC page and is getting a lot of attention. The stats for that bit.ly link are shown in the graphic below, with more than 30,000 clicks so far. It appears to be one of the first large-scale spam attacks to hit Instagram, a service that has grown exponentially over the past year. The service, which just launched video two weeks ago, now gets 130 million active users per month.