Guides, Instagram

How to fix account compromised

Hi again, Ladies and Gentlemen! Originally, the main idea of this post must be absolutely another. As all you know the last weeks – management of Instagram accounts in automated software looks like hell. Too many issues such as accounts with pop up “account compromised” or endless action blocks, due to – account cant perform even several actions. That’s why we were going to test different software and check out may the specific software trigger those issues. A week later we gave up since we got absolutely the same results across 4 different software we used.

A little information:

In case you are reading this thread – 100% you know what is “account compromised” pop up. Anyway, would like to explain: when your account gets a notification such as that – its a final warning from Instagram, which actually says: “We know you are using some kind of automation, and now you have to stop it, change your password and never do it again, or we will kick your ass” And actually they do.

Once you restore the account using a built-in software tool or manually via mobile phone, next to smart and the logical move would be to rest account a bit, for 24-48 hours and then slowly rewarm it to make possible perform actions via software again. But it doesn’t help, its only a temporary solution. Since we decide to make our test at one particular and best software, here is how it looks like in a real-time

Accounts perform the actions:

How to fix Account compromised

How to fix Account compromised

Each account is attached to its own private mobile proxy, so the ratio is 1:1 and set to perform the tiny number of actions per each tool, in avg 3-20 actions across the day. Night mode and posting campaign are activated.

Several days later first account got an “Account compromised” pop up. It’s a pitty of course, but quite “usual”.

How to fix Account compromised

Next steps are:

  • Restore account changing its password
  • Reset device ID
  • Get rest for a few days
  • Rewarm to make account perform again

During the first 2-5 days after the “AC” pop up – accounts usually perform well with no issues. In this particular case, we changed no settings, because accounts already by default are set to perform a superb small number of actions with big delays – exactly like during the warming up process.

How to fix Account compromised

Further – the issue may and actually will happen again (when exactly – it’s only a matter of time). And as it was expected – accounts alternately got the “AC” pop-ups.

How to fix Account compromised

In addition – there possible a bit another scenario: 1) Account gets “AC” pop up again and/or 2-7 days or even more volume action block depends on the number of previous “AC” pop-ups, examples:

How to fix Account compromised

This specific account got action block on August 7th, and earlier already got 2 or 3 “AC” notifications. (the screenshot is made on another test bunch of accounts, which was also set to perform a low number of actions daily)

But it’s not the worst case, exist the issue worse. Account performs the actions, gets “AC” notification, then, as usual, goes restore and rewarm process and seems to be account is running great again, then one day – booms and appears an action block. This block has no date, account tries to perform the action over and over again (suspend tool is activated), but no success.

How to fix Account compromised

Statistics:

How to fix Account compromised

We could talk at length about accounts and proxies quality, but the fact is: in case aged account being attached to the private mobile proxy can’t run low actions – it’s absolutely not normal and there must be some particular trigger. In any case, when the account gets “AC” notification or long block, “Solution” is the same: Restore –> Rewarm –> Perform, but its only a temp fix and basically its just a loop of AC/Block –> Restore –> Rewarm –> Perform – AC/Block –> Repeat.

I’m getting tired of that, that’s why remembering one famous quote: “Insanity is doing the same thing over and over again and expecting different results.” is obtained we were doing the same and that’s why something had to be changed. So, we decide to run another test bunch of accounts:

Test #1

How to fix Account compromised

Let the title not confuse you – Actually “Scrape and Follow” means scrape and then interact with the users, so all as always – accounts scrape users according to the set of filters and then interact with them – follow/like/stories and etc

And the second bunch of accounts:

How to fix Account compromised

According to the software support team reply we were told to use slave accounts for the scraping, so the accounts with the title “Follow specific users” didn’t scrape any users at all – they only interacted with the users scraped by other slave accounts.

All the accounts from two test bunches were set to perform via EB only, “Automatic API logout when action blocked” was deactivated and “Logout from embed browser when follow using EB is blocked” – activated.

On the first day, all seems to be quite well.

How to fix Account compromised

How to fix Account compromised

The next day, I got surprised. Accounts which made no scraping request at all and which should be running super safe – got the “Account compromised” notifications. Almost all of them:

How to fix Account compromised

At this point becomes clear – no scraping request – is not always a good idea, some kind of the requests still must be sent, there must be a balance. I suppose when the main account goes to some specific profile and instantly follows or likes it – this action looks suspicious since the real users rarely do the same. Basically they checking the account firstly, scrolling the feed, liking several pics during the scrolling, watching the videos, then probably watching the stories and finally in case they like an account – they follow it.

Several days later – accounts from the first test bunch also started to get “AC” pop-ups. Not so much, but anyway:

How to fix Account compromised

At this stage, the test must be pointed as a failed. Aged accounts with good trust level and attached mobile proxies cant perform low actions. There is nothing to add. The sad fact is that Instagram identifies software usage. That’s the most logical reason for the issues, but Instagram doesn’t identify the specific software or brand, its simply not needed, more likely it identify automated actions – the pattern or the template of actions. According to the test its needed 5-10 days for IG to make such a decision and restrict the account.

For example, here is the basic follow setting:

How to fix Account compromised

  • The low number of actions
  • High delays
  • Random sleep time

But on another hand – all these actions have the specific time frames: accounts execute actions day by day between 12:00 AM – 11:59 PM, then always a rest time in a frame of 30-45 minutes, and the sleep time. I would not say there is no randomization, but it’s quite basic and so there is a high probability its simply not enough, due to the real users never perform the actions day by day in specific time frames. Big delays don’t change anything, since increasing the delays – simply increasing the “wait time” no the randomization coefficient. Therefore we decide to run another test and make the actions as random as possible, for that we made 10 “fake” accounts as a template of the settings. Each account got its own set of actions (numbers to execute per operation and daily) with different delays, sleep and rest time.

Test #2

How to fix Account compromised

And added 10 more real test accounts

How to fix Account compromised

A few words about the settings:

I do believe, all of you know – to avoid the issues while running an Instagram account – you have to stay under the radar – keep a low profile, or perform the actions like the real people do other words. Its the main and basic rule.

Have you ever seen how real users use Instagram? (I’m not talking about the actions right now) Absolutely clear they are using it via installed mobile app – not via the desktop browser. What is the reason to use a browser when you already have an official optimized convenient application? I’m sure, you know – 95% of Instagram users interact this way. Personally I have opened an Instagram account in my desktop google chrome browser, probably as a lot of you too, but the number of people such as us  – is precious little, that’s we will set the accounts to run via API.

Next, about the logout/login option. When an account gets a temp action block – sometimes it helps to relogin, but once again – its a trick rather than a solution or normal account performance. Exactly as executing actions via EB. So logout operations would be deactivated too.

And about the templates of the settings and the way we used it. The main idea of this test is to make accounts perform randomly as much as possible, that’s why we launched accounts only during the working day, in addition, several times per day we changed the settings, example: Settings 1 copy to Account 1, Account 3; Settings 2 – copy to Account 2, Account 4 and so on during the whole day (09 AM – 6 PM). All other time – accounts should not perform the actions at all. Also, every new day – the main settings were changed too (Template settings). This way we wanted to see what kind of results we can achieve if the accounts will perform quite randomly using the spin of settings. As well as the settings – the actions after follow were different too: account could like some number of user’s photos or do not like at all, to watch the stories of the user or not or mix of these actions with random numbers. We didn’t set accounts to comment on the last user’s photo and send the direct message as after follow action, because it requires more time, and the settings and the test itself got already complicated. But it would be much better to use those tools, to randomize the actions. So here we go:

Day 1

How to fix Account compromised

Just started and already fail. Since a few hours after the start lot of accounts got an action block. Suspend tool did nothing, so accounts cannot run via API, have no idea why, but the fact is the fact. Aged accounts, private mobile proxies, low settings, and action block. There might be only one specific reason for that. Unfortunately, we could not run the accounts in its natural way and we had to move to the EB, which we wanted to avoid … We have not reseted device ID or did any kind of rewarm. Just switched to EB and continue the actions.

Day 2

How to fix Account compromised

Day 7

How to fix Account compromised

Day 10

How to fix Account compromised

The result we got seems quite encouraging. From time to time – some accounts got action blocks, but the temporary, so nothing serious in general. Obviously, not all of the accounts reached its daily numbers. It’s obvious because we changed the settings for every account several times daily. The basic idea of this test was to make accounts perform with no issues and avoid template in actions, to make accounts achieve its action numbers in a global time frame – week or month, not for the daily frame.

Thus in case, some account day by day follows the same number of users – let it be 30-50, with the same delays, – let it be 90-180 seconds. It’s not a random action, there are still specific frames, with a bit of range of course, but still. I have to say, according to mathematical statistics and laws of probability, the “random” doesn’t exist at all. If you can’t find the pattern – it only means the pattern is difficult and nothing else. To find the pattern – the time is needed and in case it’s not found yet – the pattern might be pointed as “random”.

I do understand test actions such we did, cant be pointed as automized – it’s rather a “babysitting”. In case there would be an option in the software such as create some number of templates for the specific tool(s) and then randomly accept it during or every new day – it would save us tons of time. But, anyway once again – we were looking not for the automation, we tried to run accounts into the software with no issues and that’s all.

All info above related to the action’s settings and running account into software only. For the accounts of the clients (client management), the situation a bit another. I can’t say all the info below is 100% correct, due it was not tested personally, but we got the same information from different sources. In addition here is the reply from the software support team: “Most likely you were using aggressive settings or you were accessing the account from another device while it is active and running on software or something that made the account behave in a way that is not normal and suspicious to Instagram.”

So, here is what I’m talking about: even before all these issues have started it was advised not to use the account simultaneously from 2 “devices” – mobile app and software. It doesn’t matter hows clean and close your proxy (IP) is to the location of the client (the account owner) – the account being added into software gets a new set of data: User-agent, Device ID and so on. It’s absolutely clear which device has more trust – user mobile’s phone or generated data set from the software, due to what particular device the account started using earlier. That’s why warming up process matters as never before, but it’s not enough. Usually, when some future client asks someone of us to promote his account – he already has an installed application, the logged account he or she already used before with some set of actions, so Instagram may collect the statistics of previous actions for the particular account and then compare it with the actions from a new IP and UA.

Once you import an account into software, attach it to the new IP and run actions, even low actions while the warming up process – guess how the Instagram algo point it? The account is moved to the new location (due to the usage of proxy) – Ok, no problem people may travel, so it’s okay. Then the account got a login from a new device never used before –  the owner could buy a new mobile phone – so, no problem it’s okay too. But the question arises why the previous IP and User Agent are still used by the account – so it’s clear, the account is used from 2 different devices simultaneously. And even more – the number of actions for the account from new IP and User-Agen which still have no trust – will be much bigger than the number of actions from the previous device. Thus what we got – account is still used by the owner on one hand and on another hand – it’s running into the software. Suspicious? Absolutely!

I cant and I will not approve info about simultaneous usage said on above absolutely correct, but at least it looks logical, also the users, who manage accounts of their clients and ask them to stop using the accounts, while it is running in software – have much fewer problems. Of course, it might be hard asking the clients to stop using accounts while it running into the software. They may forget about it, unconsciously automatically open the app once it will send some notification, simply skip this rule or it could be impossible in case the account is used as a sales or support tool, where other users ask some questions and want to get a reply. But the fact is the fact. The funny thing it might be not even enough, Instagram sends some requests in a background, due to it may identify is an account logged into the app (mobile phone) or emulated device (software).

I have already been talking a few times we noticed IG sends the request while account performs the actions, actually a lot of requests, but the most simple way to identify if the software or mobile phone used is to send a request, which software will no be able to reply to. Example: access to the phone book or availability of the phone book in general. In case 10/10 or 100/100 requests are failed – goodbye, the account is used into the software. I have no idea why people do not give special priority to this aspect and probably such “request – answer” are already realized in software, but in case it’s not – IG knows about all the automated accounts, and its a question of a time when accounts will get “AC” again. Anyway right now seems to be good settings and no simultaneous usage of account should be enough, so no overthinking.

Warning. Disclaimer!

This thread was made to share the info we have right now. We were trying to find a way to avoid the issues while running the accounts into the software and provide a bit of info we got. I don’t tend anyone to change your settings and repeat our tests. In case you already have some kind of working setup – do no touch it and do no change anything. Right now the situation around IG is quite fragile, and one wrong move may have adverse consequences. To be sure the info above is 100% correct, obviously, more time and data (accounts and actions) needed. Furthermore, it may happen the situation – Instagram updates its algos or add some new features due to it will be able to identify automated actions in some other way.

Good luck!

Related Posts