
instagram account hacked

We may be in the midst of an Instagram hacking epidemic.

In recent months, users running Instagram accounts big and small have found themselves locked out of their accounts, with few options for recourse.

If you’re worried your account has been compromised, you might want to skip ahead to “Do This If You’re Locked Out of Instagram,” and follow the instructions. If you act quickly, you may be able to solve the problem fairly easily. Otherwise, things can get very tricky.

That’s what Afua Ayisi learned after she lost control of the Instagram account she runs for her small New York City business. A little over a week ago, Ayisi clicked a link in an Instagram message from a criminal posing as one of her business contacts. That took her to an exact replica of Instagram’s log-in page, and Ayisi typed in her credentials. It was a big mistake.

“I would say it was all over in under 3 minutes,” Ayisi says. She was logged out almost immediately, and the email address and password on the account were changed. Soon the scammer was contacting her customers, trying to rope people into a bitcoin scheme.

“It’s just so violating,” she says. “I can’t even describe the feeling.”

The problem has affected several high-profile Instagram users, too. A criminal reportedly compromised the Instagram account for Bored Ape Yacht Club, a leading collective for NFTs (non-fungible tokens, digital files that can be bought and sold as investments) in late April. Reports say the hacker was able to steal $3 million of NFTs by tricking the account’s followers with a phishing attack. Then, the account for Gabriel Clark, a 12-year-old who amassed 256,000 followers after going viral for his woodworking skills and raising money for Ukrainian children affected by the war, was allegedly taken over by “Russian hackers,” according to the boy’s father.

Once your account is lost there’s often little you can do about it.

“Instagram has been notoriously uncooperative when people lose access to their accounts, and insensitive that many people have business revenue that depends on them,” says Dan Guido, the CEO of security firm Trail of Bits.

Ayisi waded through a confusing set of recovery tools that failed half a dozen times over the course of a week. Shortly after we contacted Instagram to ask about Ayisi’s case, one of the tools started working—though a spokesperson says the timing was just a coincidence.

“We have sophisticated measures in place to stop bad actors in their tracks before they gain access to accounts, as well as measures to help people recover their accounts,” the spokesperson says. “We know we can do more here, and we’re working hard in both of these areas to stop bad actors before they cause harm, and to keep our community safe.” Instagram is currently testing a new feature that lets a user’s friends help verify their identity when an account gets hacked.

While Ayisi eventually recovered her account, others haven’t been so lucky: We spoke to users who say their Instagram accounts were lost forever.

You may have a very brief period of time after an Instagram hijacking to save the account. Below you’ll find all the steps you can follow, in the order you should try them. We also have advice on what to avoid doing to try to recover your account and how to protect yourself to begin with.

Try This First

There are any number of indicators that your Instagram account has been compromised, such as suddenly getting logged out, activity that you don’t recognize, or an email from the company saying that someone has changed the password. You may also just worry that you gave away your log-in credentials in a phishing attack. In any of those cases, follow these steps immediately. 

If you still have access to your account, head to Instagram’s Login Activity page. Follow this link, or tap your profile photo in the bottom right of the app. Open the menu > Settings > Security > Login Activity. 

This page will show you every location and device where your account is logged in. If you see anything you don’t recognize, tap it and hit log out. That will kick off anyone who has broken in.

Next, change your password. Click here, or go to Settings > Security > Password. Follow the prompts.

Time is of the essence. Attackers may use automated computer programs to change your log-in credentials once they get access, says Dustin Warren, senior threat researcher at the security firm SpyCloud. It could be a matter of seconds, not minutes, before your problem gets much worse.

Next, go to the email account you used to register your Instagram account. Hackers will change the email address associated with your account so that you can’t get back in. Look for an email letting you know your email address has been changed. The email should come from security@mail.instagram.com. (Check the spelling to be sure it’s that exact address.) You might be able to undo the damage by clicking the “Revert this change” link in that message to open Instagram’s settings.

If these steps worked, you’re in luck. Skip the next section and follow our instructions for securing your account going forward. Otherwise, on to round two.

Do This If You’re Locked Out Of Instagram

If the steps above failed, head to Instagram’s help page for hacked accounts.

Assuming the hacker already changed the email for your account, they probably changed the password, too. You can follow the steps on Instagram’s help page to have a Login Link sent to the phone number tied to your profile. But the hacker may have changed the phone number, too.

Here’s how to check: On Instagram’s log-in page, click either “Get help logging in” (on Android) or “Forgot password?” (on iPhone).

You’ll see the email address and phone number currently registered with your account. Ask for a Login Link if the contact information is correct. When you receive it, follow the instructions.

If your email and phone number have been changed, tap “I can’t access this email or phone number,” and follow the prompts. They’ll have you put in a support request, and you may be asked to submit a “video selfie,” which will be compared to photos on your Instagram account to verify your identity.

The last resort is to use Instagram’s hard-to-find page for log-in support.

These steps might not work. Ayisi tried all of them multiple times before the verification process succeeded, and online forums are full of people who ultimately gave up.

“The thing that makes this so hard is that the systems you set up to help people get their accounts back can also be used by hackers to break in,” Warren at SpyCloud says. “I think there’s more the platforms could be doing, but verifying people’s identity online is a crazy mess. I sympathize with Instagram’s trust and safety team.” 

Things You Shouldn’t Try

The steps above are basically your only options, according to the experts we spoke to. You may find people suggesting alternative routes online, but proceed with caution.

In particular, you may come across people and services who say they can recover your account—for a fee. Experts say you should stay away.

“No one other than employees at Instagram and the hacker will be able to change the details of that account to get it back,” Warren says. “I’ve seen a lot of people get scammed a second time by someone promising to help.”

Similarly, the experts we spoke to say it’s not a good idea to pay if the hacker offers to give you the account back for money (or anything of monetary value). Paying a ransom means trusting a criminal, and there’s no reason to assume they’ll follow through.

“I hate to say it, but if you’re not hearing a response from Instagram, that might be it,” Warren says. “The best thing you can do is educate people around you. Tell them about your experience so it doesn’t happen to them.”

How to Keep From Getting Hacked on Instagram

If you’ve followed all the steps above and didn’t solve the problem, it might be time to just make a new account. Going forward, there are several steps every Instagram user should implement to protect themselves.

First, use a strong, unique password. You can follow CR’s tips to make your credentials harder to crack. (The best plan is to use a password manager.) Second, set up multifactor authentication, or MFA (sometimes known as two-factor authentication). With MFA, you’ll be sent a code after you enter your password, so hackers can’t get in without access to more information. Experts say using an MFA app is far more secure than setting up MFA with a phone number.

You should also make it a habit to check any emails Instagram sends you, so you’ll find out quickly if someone changes the account’s email address, password, or phone number. You can adjust your notifications in Instagram’s settings so that you won’t get emails about anything else.

Finally, be careful when you’re talking to people online, even if it’s people you know. Take a look at CR’s guide to the latest scams for tips on protecting yourself. If someone sends you a link in a direct message, you might want to message them elsewhere to be sure it’s legit. “Yes, we shouldn’t be clicking links,” Ayisi says, “but we should also acknowledge that these hackers are getting smarter and smarter.” It can happen to anyone, and it’s easy to let your vigilance slip.

How to Recover Hacked Instagram Account By Requesting a Login Link

In this method, you confirm to Instagram that you are the owner of the account by requesting a login link sent to your email address or phone number. Follow these steps:

  1. On the login screen, tap Get help logging in (Android) or Forgot password? (iPhone)
  2. Enter the username, email address, or phone number linked with your account
  3. Tap Next
  4. Select your email address or phone number
  5. Next, tap the Send login link option
  6. You will get a login link to your email ID or phone number
  7. Click the login link in your email or SMS and follow the on-screen instructions

Note: In case you don’t remember the username, email address, or phone number linked with your account, tap Need more help? below the Next button (step 3) and follow the on-screen instructions.

How to Recover Hacked Instagram Account By Requesting a Security Code

In case you are unable to recover your Instagram account with the login link, you can request Instagram support. Here are the steps you can follow:

  1. Go to the login screen
  2. Tap Get help logging in (below Log in)
  3. Enter the username, email address, or phone number linked with your account
  4. Tap Need more help?
  5. Follow the on-screen instructions
  6. Select either your email address or phone number
  7. Next, tap Send security code
  8. If you don’t receive a security code, tap I can’t access this email or phone number below Send the security code, then follow the on-screen instructions and get back your account. 

Note: In step 3, if you have more than one Instagram account, you may need to first select the account you’re having trouble logging into, then follow the on-screen instructions.

How to Recover Hacked Instagram Account By Verifying your identity

This is handy when the photos on your Instagram account do not include you and you have submitted a support request. In that case, you will first get an auto-response email from the Support Team at Meta. You will then be asked to help verify your identity by providing the email address or phone number you signed up with and the type of device you used at the time of sign-up, such as iPhone, iPad, Android, or PC.

Next, you will be asked to take a video selfie of you turning your head in different directions to help Instagram check that you’re a real person and confirm your identity. Once the video is submitted, you will get an email from Instagram. If the verification fails, you can submit a new video and Instagram will review it again.

Instagram says the video you submit will be deleted within 30 days. The company says it will use video selfies to ensure you are a real person and may confirm with a human review that you are authorized to recover your account.

Tips to Secure Instagram Account

Use Two-factor authentication

Two-factor authentication, or 2FA, is an additional security feature that helps you protect your Instagram account and your password. If you set up two-factor authentication, you’ll receive an SMS after entering your password. You will be logged in to your Instagram account only if the special login code is verified.

Once you enter your username and password, you will be asked to enter a security code.

This makes your account more secure: when someone tries logging into your account from a device Instagram doesn’t recognize, they won’t be able to log in without the code. Here is how you can set up 2FA on Instagram.

  1. Open Instagram > Tap on your profile photo on the bottom right
  2. Tap more options in the top right
  3. Tap Settings
  4. Tap Security, then tap Two-Factor Authentication
  5. Tap Get Started at the bottom.
  6. Choose the security method you want to add
  7. Follow the on-screen instructions

Change the password every six months

While this might sound like a very basic way to keep your account safe, we often forget to change passwords because a new one is an extra thing to remember the next time. However, this is a very handy method to keep an account safe, and with a mix of alphanumeric and special characters in the password, your account will be less prone to hacking.

Confirm your phone number and email address in the account settings

In case you have not done so already, confirm your phone number and email address and link them to your account. If anything goes wrong in the future, the linked email address and phone number will come to your rescue.

  1. Go to Settings
  2. Tap on Account
  3. Select Personal information
  4. Confirm your phone number and email

Revoke access from other third-party apps and sites

Many apps and websites ask you to use your Instagram login details to access them. While not all of those are harmful, some of them might be misusing your data, or a particular website or app might leak data such as your ID and password. You can revoke access to these kinds of apps and services by visiting this web page.

These were some of the best ways to keep your account safe from being hacked. By following these four practices, you will be able to keep your account safe from getting hacked easily.
