Recent hacks of Instagram accounts have users worried about the security of their accounts and personal information. It seems that Instagram hasn’t yet solved the issues, which have been occurring throughout the month and have left users locked out of their accounts without answers.

Users with the issue have reported finding that they have been logged out of their accounts, and upon trying to log back in, discovered that their handle, profile pic, phone number, and email address were changed. Many users reported that email addresses now associated with their accounts have .ru (Russian) domains.

In many cases, the users had not enabled two-factor authentication, but that was not the case for all hacked accounts. Because Instagram relies on a mostly automated recovery system, users have been frustrated in their attempts to regain control of their accounts. For businesses that are unable to regain control of their accounts, the results can be devastating.

Abigail Nowak, a user who had her account hacked, complained:

The maze that Instagram sends you on to get your account back is laughable and leads to broken/dead links and emails from robots which lead nowhere.

One IT professional said that his company’s Instagram account is being hacked multiple times a day, greatly affecting his work:

Everything that Instagram has available is being done on our account and yet, every single time I get that SMS [the 2FA prompt], they have already changed the password. I cannot as an IT professional tell you how they are doing this. They must have some sort of flaw in Instagram fundamentally that they are exploiting to do this.

Instagram said in a statement that they are working to improve their two-factor authentication security, but didn’t elaborate.