Perth socialite Melissa Graham held to ransom after Instagram privacy breach

Krystal SandersThe West Australian
Camera IconPerth socialite Lissy Graham fell prey to an privacy breach on Instagram over the weekend. Credit: Iain Gillespie

Perth socialite Melissa “Lissy” Graham is the first Perth victim of Instagram’s latest privacy breach.

The wife of Keystart Home Loans chief executive Paul had her Instagram account hacked and her profile along with its 15,000 followers vanished.

She first received a generic email from the social media site, confirming she had changed her email address and after logging in to investigate, she discovered her account had disappeared. Minutes later she was held to ransom by someone she had never met.

“Your Instagram page has been blocked. For unblocking accoun (sic) send message to our email. We will waiting for an answer three hours. If you don’t write to us, your account will be cleared from all photos and we sell it, or account will be deleted,” the email read.

Camera IconLissy Graham on Instagram. Credit: Instagram / lissygraham_
Read more...

“I just saw 4.5 years of work blow up in 30 seconds,” Ms Graham said. “I just panicked as unfortunately my passwords tended to be the same for everything from bank accounts to Instagram, Facebook, Net-A-Porter.”

Last week the personal details of 50 million Instagram users, including influencers and celebrities, were scraped from Mumbai-based social media marketing firm Chatrbox.

Yesterday design website Canva, co-founded by Perth’s Melanie Perkins, right, revealed it was the target of a massive data breach and told its 139 million users to change their passwords.

Camera IconMelanie Perkins Credit: Supplied

Ms Graham established herself as one of the city’s foremost fashion influencers thanks to her luxury wardrobe, regularly flaunting expensive outfits by Chanel and Balmain.

Her clients include Halo Diamonds, Perth Racing and David Jones. She can earn in excess of $2500 a post. Ms Graham admitted her flashy lifestyle may be the reason she was targeted.

“I’ve heard of people that have had to pay $5000 to get their account back,” she said.

Technology expert Ben Aylett said this was the first case he was aware of in Perth but it was common.

“This is not a mass email spam where they just try to infect your computer with ransomware and hope you pay up, Mr Aylett said. “They pre-qualify their targets by looking at what sort of Instagram posts they have, the reach they have and from that they can pretty much deduce what the account is worth to the victim.”

Mr Aylett said the process was called “credential stuffing” where they attempted to log in using the information from the databases they had breached. He said hacking was not a matter of “if” but “when” and urged users to set up different passwords on their online accounts.

Ms Graham’s new account has only 791 followers but she says her current clients will proceed with the work booked in over the next month. “I’m sure some clients will drop off, I’m naive to think they wouldn’t but I just have to accept that and move on,” she said.

Ms Graham is now warning others to heed cyber-security warnings.

“I always thought it was only people around hundred thousand followers, or Kim Kardashian, not Lissy Grahams from Perth,” she said.

An Instagram spokesperson said they had looked into the breach and found that found that “no private emails or phone numbers of Instagram users were accessed”.

“Chtrbox’s database had publicly available information from many sources, one of which was Instagram. Chtrbox also clarified that the database contained information for 350,000 people, not 49 million as has been reported,” they said.

“We’re looking into the issue to understand if the data described – including email and phone numbers – was from Instagram or from other sources.

“We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”

Get the latest news from thewest.com.au in your inbox.

Sign up for our emails