What to Do If Your Instagram Account Is Hacked in 2025

How to recover a hacked Instagram account

There are several ways to recover your hacked Instagram account, including resetting your password, contacting Instagram directly, and verifying your account details. If you act immediately, it’s more likely that you can recover your Instagram account with minimal fallout after a hack.

Here’s how to get your Instagram account back after a hack:

Check your email immediately

When an account password is changed or a new email address is added to your account, Instagram sends an email from no-reply@mail.instagram.com or security@mail.instagram.com to your existing email.

Just make sure to check that the Instagram security email address informing you of changes to your account is official. Sending fraudulent phishing emails about account changes is a common technique scammers use to lure individuals into giving away private information.

If you weren’t the one who made the change, receiving these emails is one of the first signs that your Instagram was hacked — if you catch it in time, you may be able to stop a hack by following these steps:

1. Tap Secure your account here.

   

2. Verify your details, and if any of this profile information wasn’t added by you, tap No, secure my account.

3. Select a verification method and follow the on-screen guidance provided to regain access to your account.

   

Contact Instagram for a login link

If reverting the changes made to your account is no longer possible and you’re locked out of your Instagram account, contact Instagram directly and use Instagram’s Account Help services.

On the Instagram login page, tap Forgot password. This will take you to a page where you can enter your email, phone, or username and request a login link. You’ll receive the login link on your phone or in your email, depending on which method you choose. Open the link and follow the instructions to restore your Instagram account.

However, if the hacker changes all of the account information before you can regain access, this method won’t work. In that case, tap the option Can’t reset your password? located under the Send login link button. If you’re using a computer, you’ll be redirected to a reCAPTCHA page to verify yourself.

Request a security code

If you’re completely locked out of your Instagram account, you can contact Instagram emergency support directly. From the main screen, tap My account was hacked. Contacting Instagram directly can take a while — requesting a security code first is usually faster. Here’s how to do it:

1. Go to the Instagram login page and tap Forgotten password? on iPhone or Get help logging in on Android.

2. Enter your username, email address, or phone number.

3. Tap Can't Reset Your Password.

   

4. Select either your email address or phone number, then Next.

5. Enter the security code you received, then tap Continue.

   

Verify your identity

As part of the account recovery process, Instagram may also require you to verify your identity through other means, such as sending a video selfie that they can compare to images or videos you previously uploaded to your account.

Instagram’s AI-powered system typically verifies your video selfie within 24-48 hours, though it often happens faster. However, if you haven’t posted recent photos or have used heavy filters, verification may fail. If successful, you’ll receive a reset link.

If there are no photos of you on your account, Instagram will ask for details about your account usage, such as the email address, phone number, and device type (iPhone, iPad, Android, etc.) that you used to sign up. To prevent future hacks, follow cybersecurity best practices to secure your account.

With Avast BreachGuard, in addition to 24/7 data breach monitoring, our team of US-based specialists is always ready to help you recover if your personal information has been exposed or your accounts hacked, with expert guidance on hand to help you resolve identity theft issues.

The broader consequences of an Instagram account hack

An Instagram account hack can compromise linked accounts, leak sensitive personal data, and even open the door to identity theft. These risks make the impact of a hack far more serious than many people realize.

Compromised linked accounts

Many users link their Instagram to other platforms like Facebook, email, or payment apps for convenience. However, a hack can give attackers access to these connected accounts as well, amplifying the damage beyond just the compromised Instagram profile and potentially leading to financial fraud.

Personal data leaks

A hacked Instagram account can expose sensitive personal data, including contact details, private messages, and past activity. This information can be exploited for scams, identity theft, or sold on the dark web. To find out how at-risk you may be, download your Instagram data and review how Instagram uses it.

Potential identity theft

Access to your Instagram account may allow cybercriminals to commit identity theft using your stolen data, photos, or linked accounts to open new accounts, make purchases, or impersonate you online. These fraudulent activities likely won’t stop until you take steps to help prevent misuse of your identity.

Securing accounts with similar logins

Other accounts with the same or similar login credentials could also be at risk. To protect yourself, update your passwords, review security settings, and enable two-factor authentication. It’s also a good idea to change your Facebook privacy settings to limit exposure of personal information.

You should regularly monitor for data breaches, so you can take action to secure any compromised accounts. Avast BreachGuard makes this easy for you with our non-stop data breach monitoring, even on the dark web. If we find that your information has been leaked, we’ll give you expert advice to help resolve the issue, so subscribe now for better peace of mind.

How to further secure your Instagram account

To help avoid getting hacked again, regularly review your Accounts Center and login activity, use strong passwords, implement two-factor authentication, and invest in security software. When it comes to security, prevention is always better than a cure.

Take the following steps to avoid getting hacked on Instagram:

Review your Accounts Center

From your Instagram profile, tap the three lines in the top-right corner, then go to Settings > Accounts Center to view all connected Meta accounts, including Facebook and Instagram. If you see an unfamiliar account, remove it immediately and report the hack.

Review login activity

Review the login activity on your Instagram to check for unauthorized access by going to Settings > Security > Login Activity. Here you can view recent logins, including locations, dates, and device types that were used. If you see anything suspicious, update your Instagram privacy settings and change your login credentials immediately.

Remove third-party apps

Third-party apps connected to Instagram can be a security risk. To review and remove any you no longer use, go to Settings > Security > Apps and Websites. Under the Active tab, you’ll see all active authorized apps currently connected to your account. Tap and remove any that are unfamiliar.

Use a strong password

Long and unique passwords are hard to crack. To create a strong password, avoid using personal details, username fragments, or simple sequences. Use at least 15 characters and make sure it’s unique. You can also use a password generator to help create complex passwords, which you can securely store in a password manager.

Implement two-factor authentication (2FA)

Use two-factor authentication (2FA) to add an additional layer of security to your IG account. Tap Settings > Security > Two-factor authentication and choose between using an authentication app, a phone number, or both.

Once 2FA is enabled, any time an unfamiliar device tries to log in to your account, or Instagram detects other unusual login attempts, you’ll be alerted and asked to authenticate the request with a security code.

Instagram has been testing a feature that would allow users who are locked out of Instagram to recover their account through a friend. The feature may not be available to you, though, so if you receive a message from a friend asking for a 2FA code to be sent to their phone, it is almost certainly a scam. To be safe, never forward a 2FA code.

Install security software

Installing robust internet security software can help detect and block malware, phishing attempts, and other threats that could compromise your login credentials. Real-time scans to ensure your device security reduce the risk of unauthorized access to your account.

Protect against identity theft and data breaches with Avast BreachGuard

You can further strengthen the security of your account information by using a data breach monitoring tool like Avast BreachGuard. With Avast on your side, you’ll be notified whenever we find your accounts were involved in a data leak, so you can change your login information. Get automatic, 24/7 data breach monitoring to help protect all your online accounts.

Signs your Instagram account has been hacked

If you’re not sure how to tell if your Instagram is hacked, there are some telltale signs. You might receive a verification email even though you haven’t changed your account info, get locked out of your account unexpectedly, or notice suspicious activity from your account.

Here are some of the most common signs your Instagram is hacked:

• Instagram suddenly logs you out, and you’re unable to sign back in.

• You receive an email from Instagram reporting a change you didn’t make.

• There’s an unfamiliar device in your activity log.

• Followers receive suspicious DMs from you asking them to get involved in cryptocurrency investment schemes or other types of internet scams.

• Someone posted content through your account without your permission.

• You get a message from Instagram that there was a suspicious login attempt from a country you don’t live in or travel to.

• You’re the target of a ransom attempt by a hacker holding your account hostage.

How do Instagram hackers access my account?

But how do Instagram accounts get hacked in the first place? Simply opening and viewing an Instagram DM in most cases poses no danger. Instead, most IG account hacks are the result of social engineering or phishing techniques, where cybercriminals manipulate an individual into giving away personal data and other compromising information. Remember that if you reuse passwords, the hacking of another online account could lead to an Instagram hack, too.

Man-in-the-middle attack

Man-in-the-middle attacks are a sophisticated type of cyberattack that hackers use to hack into your IG. A man-in-the-middle attack often starts when the victim receives an email that looks exactly like an official email sent by Instagram. A hacker could send an email from a fake address that’s spelled very similarly to a real one to make it look like an official email. If you click the link within the email, you’re taken to a fake pharming site where you unsuspectingly give away your login information.

Brute force attack

Brute force attacks can be used to crack passwords by attempting numerous combinations of numbers and letters — often carried out with bots or automated tools that quickly cycle through thousands of possibilities. This highlights the importance of using long, unique passwords and a password manager to secure your accounts.

The verified badge scheme

This Instagram scam involves hackers impersonating tech support agents. Victims receive a message claiming they’re eligible for the coveted blue verified badge. They follow a link and unknowingly enter their login details on a fake site, giving hackers access to their credentials.

Third-party platform hacks

Your Instagram account could also fall victim to a hack if your information was stolen in a data breach connected to a third-party app you’ve synced with IG. This includes “authorized” apps used to manage multiple social media accounts or share info on shopping or dating platforms.

Instagram DM hacks

Instagram DM hacks often involve phishing links sent through direct messages from a trusted account, such as a friend’s. When users click on these links or share data, they may provide login credentials or install malware, allowing hackers to take control of their account, steal personal information, or spread further attacks to other users.

Protect against identity theft and data breaches with Avast

With the seemingly endless stream of new scams and phishing schemes, protecting your online privacy can seem daunting, but it’s more important now than ever.

Avast BreachGuard helps protect all your online accounts by giving you a personalized privacy score with tips on securing your online identity. Plus, it defends your privacy with 24/7 data breach monitoring to warn you of any personal information we find exposed in a data leak, so you can secure your accounts.