More Meta Woes

The problems with Meta seem never-ending.  After last week's fiasco of having my Facebook account deactivated because of alleged 'suspicious activity' and the struggle I had to regain access to it across all of my devices, today I had my Instagram account briefly hacked.   I was first alerted when my Facebook account helpfully told me that it had been removed from my Meta Accounts Centre, where I have it linked to the Facebook account.  I then found one of those e-mails from Instagram telling me that the email address used as a login ID had been changed and if it wasn't me who had changed it, then to reclaim the account.  Which I promptly did -it was a far easier process than it is for Facebook.  Luckily, apart from changing the bio on my account to some kind of link (probably to a dodgy crypto site) and following a hundred dodgy accounts, no damage seemed to have been done and I've been able to set everything right.  What I found somewhat bemusing was that it had taken four or five hours from the time that the email had been changed to Meta sending the email alerting me to the fact - with the hacker having all that time to do damage.  

The crucial question remains as to just how the hack was done - I'm pretty paranoid about the security of my devices, so I was reluctant to consider a hack of any of them, plus the account had one of those randomly generated passwords, different to the one I use on Facebook.  After some 'research' (ie, looking on Reddit), it seems that the most likely explanation is that the leaking of the login details lies with Meta itself which, apparently, was itself hacked some months ago and significant numbers of account details leaked.   If so, it might also explain the alleged 'suspicious activity' that got my Facebook account deactivated last week.  The reason that a hack of that, even if the login details were leaked, is unlikely to be successful is because that account has two-step verification and without access to my mobile phone, the login can't be completed.  All of which raises the perennial question of why do the likes of Meta try and pry more and more personal information out of us when they apparently cannot protect the data they already hold?  I feel vindicated in refusing to give social media sites personal info like addresses and phone numbers when these could so easily be obtained by third parties via a hack enabled by information already stolen from the companies themselves.  It seems ironic that they make such a fuss about the need for us users to use secure passwords, two-step verification and the like, yet themselves can't seem to be able to guarantee the security of even the most basic personal data that they already hold.  Hopefully, with a new Instagram password, I can have a respite from all of this nonsense.  I'm looking forward to getting back to posting about my usual shit...