Adele, Future, MJ, and Tyla: What Their Hacks Teach Us

Over the past few years, social media hacks have exploded, targeting everyone from small businesses to huge brands. In fact, the latest round of celebrity hacks proves just how frequent and advanced these attacks have become. When multiple A-list accounts fall simultaneously to promote the same scam, you know cybercriminals have stepped up their game.

In this blog post, we'll examine what happened to Adele, Future, Michael Jackson, Zara Larsson, Tyla, and Pink Floyd on Instagram and we’ll share practical strategies to protect your brand from becoming the next victim.

What Happened To Adele, Future, Michael Jackson, Zara Larsson, Tyla, And Pink Floyd On Instagram?

On August 22, 2025, social media users worldwide noticed something unprecedented. Multiple celebrity Instagram accounts suddenly posted identical content… an AI-generated photo of rapper Future holding his record company FREEBANDZ emblem.

The caption on each post read, "@future 49Pkk9gtFYdbdU9ZPkrEX5Ckho9UhVMK96XCzvnepump," pointing followers to what appeared to be a cryptocurrency scam. But thankfully, within approximately 20 minutes, the posts were removed from all affected accounts. Still, the speed of the cleanup doesn’t take away from how unsettling the hack itself was, especially given that it wasn’t limited to just one celebrity.

What makes this incident particularly alarming is the simultaneous breach of Michael Jackson, Future, Pink Floyd, Zara Larsson, Tyla, and Adele's Instagram accounts. While individual celebrity hacks happen regularly, coordinated attacks on multiple high-profile accounts promoting identical scams is practically unheard of.

So what can you do to protect yourself from attacks like these?

What Can We Do To Protect Our Brands On Social Media?

The best way to protect your social media presence from account takeovers is to build multiple security layers that make attacks harder to execute and less likely to succeed. Think of it as creating obstacles that slow down and discourage attackers while preparing for worst-case scenarios.

Preparing For The Worst Case Scenario

Even with multiple security layers, determined attackers can sometimes succeed. That's why you need a plan for damage control and rapid account recovery.

Here are two things you need to have:

1) Create A Social Media Policy

A social media policy is a set of guidelines that outline how your business and employees should use social media responsibly. This document works as your organization's roadmap for maintaining security and engaging online.

The security section of your social media policy should include rules covering multiple risk areas and it should establish standards for social media use across all devices, preventing activities that could expose corporate accounts.

The policy should also clearly specify which departments or team members are responsible for each social media account. Define account ownership to prevent day-to-day confusion about access permissions and disputes when employees leave the organization.

2) Create A Rapid Response Team (RRT)

A Rapid Response Team (RRT) is a dedicated group within an organization tasked with managing and effectively responding to various types of incidents that require immediate action. These teams act as your first and last lines of defense when crises emerge.

RRTs can focus on different areas depending on organizational needs. Cybersecurity teams handle security threats and data breaches, while others manage social media crises, public relations emergencies, and business disruptions.

In social media contexts specifically, an RRT predicts, plans for, and responds to events that could threaten an organization's online reputation or operational stability. They develop protocols for different crisis scenarios and train team members on rapid response procedures.

Organizations need social media RRTs because online crises can spread very fast and damage reputation permanently if not addressed immediately. A single negative post can reach thousands of people before traditional response teams even become aware of the problem.

A clear example of this is this exact same incident. Hackers managed to breach Adele, Future, Michael Jackson, Tyla and Pink Floyd, putting their reputations and fan bases at risk (from which many lost money in the process).

Thankfully, their dedicated RRTs took action quickly before the situation got even worse. They resolved the breach within approximately 20 minutes, preventing further damage to their brands and audiences.

Building As Many Layers Of Security As Possible

Protecting your social media accounts is like protecting a castle. In medieval times, castles needed protection from attackers (sieges) who wanted to take control for strategic advantage.

Castles used many layers of defense like:

• Watch towers: Its main purpose was to provide a high, safe place from which a sentinel or guard could observe the surrounding area and alert against attacks and intruders.
• A moat: A moat was a primary defensive feature that acted as a water-filled or dry, deep trench surrounding a castle. Its purpose was to create a physical barrier to slow attackers and prevent them from reaching the castle walls with siege weapons like battering rams and siege towers.
• Defensive walls: A defensive wall was a fortification used to protect the castle from potential aggressors.
• Gates: The castle gate was a primary defensive structure designed to control access, repel attackers, and trap invaders.
• Defenders: A castle defender was responsible for protecting the castle and fighting enemy attackers.
• Stairs: Castle stairs (particularly the narrow, clockwise-spiraling type) played a significant defensive role by hindering attackers (especially right-handed swordsmen) by restricting their ability to wield weapons effectively.

Protecting social media accounts works similarly. You need to create as many layers of defense as possible to ensure accounts are extremely difficult to breach.

1) Regularly Train Your Team On Cybersecurity

Your employees are your watch towers. They observe your business communications and alert against attacks and intruders. However, the reality is that employees susceptible to social engineering can quickly become the weakest link in any cybersecurity framework. And attackers are taking full advantage of that.

In CrowdStrike's 2025 Global Threat Landscape report, they observed that in 2024, 79% of the detections they noticed were malware-free. Instead of relying on traditional malware, attackers are using hands-on-keyboard techniques that blend in with legitimate user activity to impede detection from certain types of tools.

That's why businesses must train employees to recognize social engineering attacks. Many employees lack understanding of the security risks associated with using social media for business, creating vulnerabilities in organizational defenses. They might share too much information, click suspicious links, or use weak authentication practices that expose business accounts.

2) Create A Strong Password

Strong passwords are your account's moat and main gate. Their goal is to protect against dictionary and brute force attacks, and credential stuffing. Their secondary goal is to slow down attackers and dissuade them from trying anything else to breach your accounts. In and of themselves they aren't hackproof, but they significantly increase your defense and stop most attacks.

To create a strong password, randomly generate passwords that are 14+ characters, using lowercase and capital letters, numbers, and symbols. The longer the password, the better.

We like using passwords that are at least 20 characters long for better protection. Here's an example of what that looks like: Qx9#mK2$vL7@nP4*bR8!

3) Enable Two Factor Authentication (2FA)

Two Factor Authentication (2FA) is your account's walls and secondary gate. 2FA is a system that requires a user to present a combination of two or more credentials to verify a user's identity for login.

It significantly increases security because even if one credential is compromised, unauthorized users will be unable to meet the second authentication requirement. In fact, 2FA is so effective that a report by the Cybersecurity and Infrastructure Security Agency (CISA) found that accounts with 2FA are 99% less likely to be hacked than those without it.

So take the time to enable it on all your accounts right now. It will significantly improve your cybersecurity posture and protect against most automated attacks.

You can use an authenticator app for enabling 2FA on individual accounts or a social media security tool like Spikerz to enable 2FA for teams. Each approach has distinct advantages depending on your organizational structure.

The main difference between the two is that traditional 2FA is a bottleneck for businesses. It only allows one person to have access to account codes, creating operational challenges.

2FA for teams uses IAM (Identity And Access Management) to create a secure environment where access is granted based on verified identities and predefined permissions. This allows for more than one person to have access to account codes while maintaining security.

4) Enable User Access Management (UAM)

User Access Management (UAM) is your account gatehouse. User Access Management (UAM) is the process of controlling who can access your organization's resources, including systems, data, networks, and social media accounts.

Its goal is to ensure users within your organization have access to exactly what they need. Nothing more, nothing less.

5) Use A Social Media Security Tool To Protect Your Accounts

Social media security tools are your account's defenders. Social media security tools are software and platform features that protect users and businesses from threats like hacking, phishing, malware, and data breaches. They provide specialized protection beyond basic platform security.

These tools include password managers and two-factor authentication (2FA) tools for stronger logins, platform privacy settings to control data sharing, and malware detection tools to protect devices. There’s also monitoring software that detects suspicious activity and responds automatically.

One example of monitoring software is Spikerz, a platform that monitors your social media accounts for login attempts from unrecognized locations, odd login behavior, successful account breaches, and role permission changes.

Spikerz also helps protect your account health. For instance:

• It automatically kicks out intruders, changes your password, and alerts you of the issue.
• It provides automatic backups to help you quickly recover your accounts if something goes wrong.
• It offers intelligent filters to detect and block spam, offensive language, and irrelevant content before it reaches your feed.
• It analyzes your content to ensure it complies with platform policies to avoid account limitations and shadowbans.

If you're not already using a social media security tool like Spikerz to protect your accounts, start today. Prevention costs far less than recovery. A single breach can cost thousands in lost revenue, damaged reputation, and recovery efforts. Professional security tools cost a fraction of that potential loss while providing round-the-clock protection.

6) Use Antivirus Software To Protect Local Environments

Antivirus software is both your account's defender and stairs. The goal of using antivirus software isn't to directly protect your social media accounts. It safeguards your computer against malware that could compromise your accounts indirectly.

Many hackers use infostealers (like keyloggers and stealing session cookies) to get access to sensitive information. Antivirus software protects against these threats and slows down other forms of attacks. It essentially adds a sixth layer of defense to social media accounts by securing the devices you use to access them.

Conclusion

The coordinated hack of Adele, Future, Michael Jackson, Pink Floyd, and Tyla's Instagram accounts marks a turning point in social media security. When cybercriminals can simultaneously breach multiple celebrity accounts to push the same scam, they're showing capabilities that should concern every business owner.

These attacks succeed because most organizations rely on basic security measures that worked years ago but can't handle modern threats. Strong passwords alone won't stop determined hackers, single-factor authentication leaves you vulnerable, and manual monitoring misses critical warning signs.

Your business needs the same multi-layered security approach that helped these celebrities recover within 20 minutes. Build your defenses with strong passwords, two-factor authentication, user access management, dedicated security tools, and a complete response plan. Also, train your team to recognize threats, create policies that prevent vulnerabilities and most importantly, invest in professional tools that work around the clock to protect your digital assets.

Don't wait for hackers to target your accounts. Every day without proper security is another opportunity for cybercriminals to destroy what you've built. Secure your social media presence with Spikerz today and transform your accounts from vulnerable targets into protected business assets.