Ruby was a typical Instagram user. Then something strange started happening… Aug 01, 2019 at 12:04 am

...and she got hacked.

Ruby was a young working woman living in Seattle who enjoyed using Instagram. “I just post photos of myself, my dog, my friends,” she said. “I’m a typical Instagram user. I just have a very special name.” What was Ruby’s very special name? It was … Ruby. Ruby is what’s known as an “OG username” in insta parlance. Short usernames, like Ruby, nouns like rainbow, and single letters, are coveted. Ruby happened into this username five years ago, and once she got it, something interesting started happening … Every day, 10 to 20 new people would follow her account.

These were strangers, and Ruby thought they were probably shell accounts. “They wouldn’t have many posts or they wouldn’t follow many people,” she said, “but they would have a lot of followers, or their name was Ruby something, and they would message me and say ‘I want your username.’” Someone messaged her and asked if the username was for sale. Then an offer: $5,000. And another: $25,000.

Ruby couldn’t believe it — was @ruby really so valuable? “I negotiated with him because I thought it was a joke, and I was like, ‘This username is worth so much, I get offers all the time,’” she said. “‘Look at all these people named Ruby that follow me. I want $100,000.’” The man countered: $35,000. No way, Ruby said. $85,000. “And then he said, ‘I’ll give you $65,000, and that’s my final offer,’” Ruby said.

The negotiations didn’t pan out, which wasn’t too surprising. And then a few weeks later, while she was sitting at her computer, she received a message from Instagram: an iPhone in Chicago had logged into her account at 2:08 p.m. Ruby immediately logged in and changed her password — all within the same minute. Three minutes later, she received the message again. This time when she logged in, she found that someone had changed her Instagram username. She was now Ruby Done. As in, Ruby-no-longer.

“Just a slap in the face," Ruby said. As she fumed over the loss of her Instagram username, it dawned on her that she was supposed to receive a phone call at 2 p.m. That call hadn’t come through. That’s weird, she thought. Then her text messages quit, and a message flashed on her phone: “No SIM card.” That’s when Ruby knew how she’d been hacked. She’d been SIM swapped, which she knew about from listening to an episode of the podcast Reply All. The episode was titled, “The Snapchat Thief.”

Credit: KUOW Photo/Megan Farmer

A SIM card is the thumb-sized card in your phone that has your personal information stored on it. You can pull it out and put it in another phone. Let’s say you lose that card; the phone company can port that information onto a new card if you can provide enough information proving that you are you. This is where the hacking can occur: Someone can impersonate you and get your information transferred to a new card. And when that happens, your phone is dead. Done. As in, done like Ruby Done. SIM swappers initially focused on celebrities and on big, wealthy cryptocurrency investors, said Alison Nixon, the director of security for Flashpoint, a cyber intelligence firm. She called those wealthy investors “whales.” “You are going to run out of whales eventually,” Nixon said. “At this point, they are just scraping the bottom of the barrel, just SIM swapping everybody they can.” Chester Wisniewski, a cyber security researcher with the security firm Sophos, said even if you aren’t rich, or a celebrity, or the keeper of a great Insta name like Ruby, you can still be a valuable target for hackers. “Your social capital online is worth a lot of money to a criminal,” Wisniewski said. “Most people are on edge about clicking links and open up things we’ve been warning them for years not to do.” But send a Facebook message from someone’s account, and family and friends will likely open it up. “You don’t have to be famous,” Wisniewski said. “You just have to be trusted and loved.” After the hack, Ruby called the AT&T fraud department. They told her that someone walked into a kiosk at a shopping mall in Maine with a fake driver’s license, and had the employee switch Ruby’s phone number to another phone. AT&T declined an interview request. In a statement, a spokesperson said the company aims to restore phone service quickly to victims.