This home cocktail business almost lost everything when it was hacked

Photo courtesy of Evelyn Chick

At a time when everyone was cooped up at home and glued to their smartphones, Instagram became the marketing channel of choice for many entrepreneurs. It was a particularly important lifeline for small food-and-beverage businesses like Salty Paloma, which sells home cocktail kits and cocktail salts. Everything was going great, until a hacker swooped in, hijacked their account and held it for ransom—and it’s far from an isolated incident. Here, Salty Paloma’s Amanda Chen and Evelyn Chick describe what it was like to be locked out of their digital storefront, and how they eventually got the keys back.

—As told to Kate Dingwall

Amanda Chen: I started Salty Paloma in 2017 as a line of creative salts for rimming cocktails—matcha cacao sugar, grapefruit-coriander-jalapeño salts for caesars, and hibiscus cinnamon salts for margaritas. I quickly started working with tequila brands, and by the end of 2019, Salty Paloma had over 10,000 followers on Instagram, thanks to ongoing work with brands and bars.

When Covid-19 hit, bars were closed and we had a lot of brand partnerships that weren’t able to continue. It left me in an awkward position. How would we continue? We started doing free Instagram lives, teaching people how to make cocktails at home, just like so many other bartenders and cocktail enthusiasts at the time. But we realized that there was a gap—the average consumer doesn’t typically have all of the ingredients that bartenders have to work with; the bitters and the specialty liqueurs, and such. It was tough for some people to participate because of this. So I started making individual-sized ingredients for cocktails and packing them in a kit—like a Good Food box, but for cocktails.

Evelyn Chick: Amanda approached me about these cocktail kits at the start of the pandemic; a way to bring home drinkers unique ingredients. I loved it. We wanted to keep the creativity flowing and make things a little interesting for everyone stuck at home. Good cocktails are so inaccessible outside of a bar.

Amanda: We created the Stay at Home Cocktail Club, a subscription-based program where we deliver individually portioned kits with homemade ingredients, swapping out the recipes each month to keep things interesting.

Evelyn: It was the first time cocktail kits had ever existed in Ontario, so we had so many issues with shipping. Who do we even talk to about shipping? The logistics of it, running an e-commerce store for the first time—it’s tough! We had products explode, customer service calls we weren’t ready for…it was new water that we were treading in. It was fun, exciting and so different from what we were used to.

We now have a full team that does all of the procurement. They make sure our cocktails travel well, especially for people outside the GTA. We also make non-alcoholic options to keep everything inclusive. It’s such a fun way to keep our community alive, and this was our way to connect with our customers without being behind a bar.

Amanda: Especially when everyone was so confused about what was going on, it’s so nice to have something familiar. We would have social hours to re-engage our community; to keep people feeling as lifted as possible during that dark lockdown, you know? Then our account got hacked.

Our entire team is always logged onto our Instagram account and someone accidentally clicked a link. We’ve had it happen a bunch of times before—with two-factor authentication you can usually reset it quickly. But I was in Mexico and I had just turned off the two-factor verification on our Instagram to switch SIM cards. It didn’t reset within the next hour as it should have. A full day went by. Then another day. One by one I saw every image, every piece of content, every cocktail kit get deleted. I’d refresh the page and another would be gone. There was nothing we could do.

We tried reaching out to Instagram to get the account back, but we just received an automated message—they were busy focusing on monitoring Covid-related content. Small businesses weren’t a priority. We couldn’t get any human contact with Instagram. We had so much proof that it was our account, but Instagram wouldn’t help. The only way to flag our account for a reset is to go through Instagram’s Help Centre. They ask you to take a photo of yourself holding a unique code to prove your identity. Twice a day for days, I would take photos of myself with new unique codes. I never got an answer. Meanwhile, customers were messaging us asking if we were still open. It was like Salty Paloma didn’t exist anymore. All of our content was deleted and the hacker changed our username. On top of it, they sent virus-filled hyperlinks to everyone who followed us. All our followers, our community, our customers were blocking and deleting our account.

For us, Instagram is so much more than a social media platform. Losing it ruins the seamlessness of our website. There were broken links, dead images and broken Pinterest photos. All of our back-linking was unavailable. Our identity—everything we had built over the last nine months—was lost. Who are we without Salty Paloma? We built this persona together and to have it all removed, we were gutted. Absolutely gutted.

And what were we to do about our brand partnerships? They’re such a big part of our revenue stream. All of our hard work was gone, all because of a hack. We opened a new account, just in case. I had kind of admitted defeat; we were starting from scratch. It had taken us five years to build up 10,000 followers. What else could we do? This is our livelihood.

On day four, we actually heard from the hacker. An unmarked account contacted us, offering to give us our account back. They wanted $200, sent to a nondescript PayPal account. They told us the password, but we couldn’t get in without the security code. They said that as soon as we sent a screenshot of the payment, they would send the code. There’s no way we’d do it. How would we know we weren’t getting played? How do we trust them? Meanwhile, our new account was gaining speed. We were shocked. We had 600 followers, all from Toronto, and gaining more by the minute. Our friends and our peers were all sharing the posts. The city showed up for us.

Evelyn: We’re so lucky to have that support. The community came together. Even people we had never met—they were messaging us on our personal accounts, showing their support and asking how they could help. We asked our followers to continue reporting the account, and their efforts finally shut down the account. Without them, our account would have kept running without us.

Amanda: It was actually one of our followers who saved us. They pulled through and connected us with someone they knew at Facebook to help us. Their contact was able to reset our account with a different email address than our existing Instagram. I was sent a reset link, but it was broken. By some twist of fate, I was able to access it by using the password the old hacker teased us with. Eight days after we were hacked, we got our account back. But it wasn’t quite over. We had to ask everyone to unblock, undelete us and unfollow. Nevertheless, just weeks later, we now have a community of 11,000 strong.

We’ve had Instagram influencer friends who have gone through the same experience. They had fake accounts created, their accounts got hacked, and the hackers would hold their accounts ransom until they paid them. I don’t think these hackers are trying to make a bunch of money on one transaction. They’re trying to overtake a lot of small accounts and play the luck of the draw—if they hack into enough accounts, eventually some owners will pay to get them back. It’s a hard thing to gamble with when you’re talking about your livelihood.

Instagram needs a team working on these matters—if we fly enough of these red flags, hopefully they will be better equipped to help small businesses like ours in the future. No one should have to go through this, especially after the year we’ve had.