⚠️ Warning: Possible security issue ⚠️⚠️

Hi everyone,

First of all, I want to make it absolutely clear: this is not an accusation against BigWinBoard or its administration in any way. The BWB team has nothing to do with what I’m about to describe — I’m posting this purely as a heads-up for fellow members and so the admins can investigate if they think it’s worth looking into.

Here’s what happened: a friend of mine and I both had our Instagram accounts compromised. Someone used them to post Stories promoting a scam casino site. Neither of us clicked anything suspicious, neither of us shared our passwords, and both of us had 2FA enabled — yet the accounts were accessed anyway.

The one thing we have in common: we both had BigWinBoard open in Google Chrome around the same timeframe.

This could mean several things, none of which necessarily involve BWB directly:

• A third-party script or ad network used by the site may have been compromised (this happens to perfectly legitimate sites without their knowledge)
• A shared Chrome extension we both have installed could be the culprit
• Some other common factor we haven’t identified yet

The reason 2FA didn’t protect us is likely because these attacks steal active session cookies from the browser — not passwords. Once they have the cookie, they’re already “logged in” and don’t need the 2FA code at all.

If you’ve had anything similar happen recently, please reply below. It would help figure out whether this is an isolated coincidence or something worth investigating further.

Suggested steps for all members:

• Check your Instagram active sessions (Settings → Security → Login Activity) and log out of everything
• Review your Chrome extensions and remove anything you don’t recognise
• Change your Instagram password as a precaution

Thanks to the BWB team for running such a great community — just wanted to flag this in case it helps anyone. Stay safe out there! 🙏