Imagine investing six years in building up a substantial following on Instagram just to have your account disappear before your own eyes. That’s exactly what happened to London based painter Rosso Emerald Crimson.

Rosso successfully turned their art practice into a sustainable business, not least thanks to the obvious benefits Instagram offers to visual artists. Making social media part of your business plan and dedicating a substantial proportion of a working day to maintaining and growing social media audiences has its rewards, especially beyond the magic 10k mark.

On the flip side high numbers also attract another level of sophistication when it comes to hacking. We’ve all wised up to ignore the George Clooneys with single digit follower numbers despite the nice profile pic. In Rosso’s case the nightmare started with a direct message from what appeared to be an official Instagram account with well over 300k followers. Within minutes of clicking on a link contained in the message, Rosso was locked out of their own profile.

An automated email triggered by the hacker’s unrecognised login was already addressed to a new user name but allowed them to briefly log back on – just to witness the hacker change information in real time and eventually take full control of the profile. Rosso had the presence of mind to take screenshots and immediately followed the standard instructions provided by Instagram. Anyone whose account was ever compromised will be familiar with the drill: you request a security code, take a stressed mugshot selfie holding up a handwritten sign and eventually get handed back the keys to your Insta home.

Things got rather more complicated in Rosso’s case as their account was protected by 2-factor-authentication which triggered the verification codes being sent to the hacker’s mobile instead. By this point it was clear that all support emails and chats were automated despite the personalised appearance – each response just looping back to the same standard help page and no hint as to how to deal with more complicated hacks.

This could be enough to put you off social media altogether, but there is a happy ending! First and foremost, the lure and success of Instagram and Facebook is due to our desire for human connection and communication with real people.

Rather than giving up, Rosso reactivated a dormant account to reach out to friends and followers, ask for help and to explain their sudden disappearance from Instagram. Within a week the back-up profile had grown from a mere 5 to 1k followers – hard earned organic growth at a rate no bot can match! And proof that people care and look out for each other, as it was in response to one of Rosso’s posts here that a contact suggested consulting the legal team at Artquest and things finally started to move.

Artquest is an ACE-funded and artist-run platform that provides a wealth of solid advice and information for visual artists. Interestingly they decided to withdraw from Facebook and Instagram in October 2020 following a thorough and considered review – definitely worth a read, see link in notes below.

Soon after contacting the website, Rosso was contacted by a team of legal advisors collaborating with Artquest. It turns out that, as Rosso’s activity on Instagram was not limited to posting images but included exchanges of email and physical addresses, payment info, etc, they were protected under Data Protection Law.

We all click and agree to terms and conditions without reading the smallprint and privacy notices are not the most popular or prominent links on most websites. But following some more online digging and using a template downloaded from the ICO website, Rosso was a massive step closer to reaching the Data Protection Officer at Facebook (the owner of Instagram). More automated emails followed, this time requesting additional details plus a previously unused email address.

Ten days after clicking on a dodgy link, Rosso retrieved their profile. Ten days during which the hackers deleted all posts and all follows – presumably in preparation for renaming the account and possibly using the new identity to spread misinformation or propaganda from a seemingly legitimate and popular account.

There is no way of knowing how many accounts have been stolen in this way. Rosso identified another artist who fell victim to the same hackers and still hasn’t been able to retrieve their 300k account. The cases at the lower end must be very commonplace for Instagram to set up fully automated retrieval mechanisms. With less to lose, many users just give up and start again, allowing the deserted accounts to be sold on to bots. Either way, these stories are a stark reminder that social media accounts are mere commodities for the big tech firms and their cybercrime underbelly.

It’ll take more than ten days to rebuild an online presence and make good the damage caused by the hostile takeover. Luckily there’s no lack of content: Rosso is a prolific artist who has produced an extensive body of work with compelling stories to tell. Selected twice for participation in “Sky Portrait Artist of the Year”, further achievements include a number of prestigious awards and international press coverage.

An academic background in Political Science, International Communications and Human Rights shines through in Rosso’s art practice. Mainly self-taught yet rooted in classical portraiture, expressive characters are presented in contemporary settings, using bright palettes and creative elements that extend from collage and illustration to photography. Subjects range from family members, in particular the artist’s daughter, and self-portraits to commissioned work. All share a unique edginess and succeed in depicting both confidence and vulnerability. A celebration of strong womxn.

You can support Rosso, whose art has been the sole source of income for her family since the pandemic began, by following @rossoartist or, better still, invest in a work of art here.

Check out Artquest for a wealth of resources and their decision to leave Facebook and Instagram; and the ICO (Information Commissioner’s Office) for everything there is to know about data privacy matters. Did you know that cases of cyber crime should be reported within 72 hours to stand a chance of being solved?


0 Comments