Instagram scam lured 100,000 users to give up login info for 'likes'

Instagram scam lured 100,000 users to give up login info for ‘likes’

An app called InstLike tricked at least 100,000 smartphone users into giving up their Instagram login information in order to gain more likes and followers.

By Salvador Rodriguez

Nov. 14, 2013 9:43 AM PT

Before being removed from the Apple App Store and Google Play, an app called InstLike duped Instagram users into sharing their login information with the app in order to gain ‘likes’ and followers, a report said.

The app asked users to share their Instagram username and password, all the while reassuring users that it would not misuse the information. But once users shared the information, InstLike turned accounts into digital zombies that would follow other InstLike users who had paid to gain followers and ‘likes’ for their photos.

For giving up their account information, InstLike users were daily paid 20 virtual coins, which could be used to purchase more ‘likes’ and followers. One coin gained one ‘like’ while 10 coins gained one follower. Users who wanted more coins could purchase 100 for $1. InstLike also kept growing its network of Instagram-picture-liking zombie accounts by promising users 50 coins every time they referred new friends to the app.

PHOTOS: Google barge to be ‘unprecedented artistic structure’

The InstLike scam was stopped earlier this month after security firm Symantec reported it to Google and Apple, both of which had allowed the app to remain in their app stores for months.

During the time InstLike was available, the app was successful in attracting new users and getting their money. On Google Play, the app was downloaded by at least 100,000 users while in the Apple App Store, the app peaked as the No. 22 most downloaded utilities app. During October and a few days in November, it was also the highest-grossing utilities app in the Apple App Store.

“It’s just very interesting to see what length people will go to in order to get Likes in their photos,” Symantec Security Researcher Satnam Narang told Mashable. “This is the generation of the future. If you’re willingly giving out your login credentials for your social media accounts, that’s bad security policy.”

Fortunately for unsuspecting users, it’s no longer possible to download InstLike. However, users who already downloaded the app are still able to use it. Symantec recommends that those users delete the app and immediately change their Instagram account password.

ALSO:

Snapchat reportedly declined $3 billion offer from Facebook

Google reopens invitation process for buying its smartglasses

Following disappointing Moto X sales, Motorola unveils $179