Avast Academy Security Other Threats What to Do If Your Instagram Account Is Hacked

What to Do If Your Instagram Account Is Hacked in 2024

Instagram is a popular platform for both businesses and consumers, so it’s not surprising that hackers are increasingly targeting Instagram accounts. For businesses, the financial losses from a hacked Instagram can be devastating. Read on for the hacked IG account recovery process and tips for how to protect your Instagram account. Then, install a data-leak protection tool to help secure your online accounts.

Written by Olga Knezevic
Published on February 9, 2023

Imagine opening Instagram and discovering you’ve been hacked or locked out of your account. If you’re a professional influencer or a business owner offering services through the platform, having your Instagram account stolen is a nightmare scenario — your followers and clients could be at risk of solicitation by a cybercriminal acting in your name. Or, it might cost you in lost revenue, time, and client trust.

If you’ve found out your Instagram account was stolen due to an Instagram phishing scam or other fraudulent behavior, keep reading to learn how to recover your hacked Instagram account.

Hamburguer menu icon

This Article Contains:

    How to recover a hacked Instagram account

    There are a few ways to recover your hacked Instagram account: try resetting your password, contacting Instagram directly, and verifying your account details. If you act immediately, it’s more likely you can recover your Instagram account with minimal fallout after a hack.

    Here’s how to get your Instagram account back after a hack:

    Check your email immediately

    When an account password is changed, Instagram sends an email from no-reply@mail.instagram.com. If you catch it in time, you may be able to stop a hack by tapping Secure your account here and following the on-screen instructions.

    Hacked on Instagram help password change

    When a new email address is added to your account, Instagram sends an email from security@mail.instagram.com to your existing email. If you receive the email and you weren’t the one who changed your email, tap Secure your account here. Receiving this email is one of the first signs that your Instagram was hacked.Instagram got hacked and they changed email

    Next, Instagram will ask you to verify your username, email, and phone number. If any of this profile information was not added by you, tap No, secure my account. Then select a verification method.

    How to secure your Instagram account after unusual activity.

    If you select email as a verification method, open the new email from Instagram and follow the instructions. If you added your phone number in the past, it’s best to choose that recovery option as it’s quicker (typically, within seconds). Then, enter the code that arrives to your phone.

    Make sure to check that the Instagram security email address informing you of changes to your account is official. Sending fraudulent phishing emails about account changes is a common technique scammers use to lure individuals into giving away private information.

    Contact Instagram for a login link

    If reverting the changes made to your account is no longer possible and you’re locked out of your Instagram account, contact Instagram directly and use Instagram account help.

    On the Instagram login page, tap Forgot password. This will take you to a page where you can enter your email, phone, or username and request a login link. You’ll receive the login link on your phone or in your email, depending on which method you choose. Open the link and follow the instructions to restore your Instagram account.

    How to login into an Instagram account using forgot password.

    However, if all of the account information has been changed by the hacker before you were able to get back into your account, this method may not work. In that case, tap the option Can’t reset your password? located under the Send login link button. If you’re using a computer, you’ll be redirected to a reCAPTCHA page where you need to verify yourself.

    Request a security code

    If you are completely locked out of your Instagram account, you can contact Instagram emergency support directly. From the main screen, tap My account was hacked. Contacting Instagram directly can take a while — requesting a security code first is usually faster. Here’s how to do it:

    1. Open Instagram. On the login page select Forgotten password? (iPhone) or Get help logging in (Android). Then, enter your username, email address, or phone number and tap Can't Reset Your Password.

      Requesting a security code from Instagram after an Instagram hack.
    2. Select either your email address or phone number and then tap Next. Enter the security code you received to unlock your Instagram account.

      Requesting a security code from Instagram to your email or phone to unlock your Instagram account.

    Verify your identity

    At this stage, Instagram can help you recover from the hack by verifying your identity through other means. If you previously uploaded photos of yourself to your account, Instagram may ask you to send a video selfie that they can compare the images to.

    It may take 24-48 hours for Instagram to verify your video selfie, but it often happens sooner because the system is powered by AI. For this same reason, the method may not work at all — especially if you haven’t posted a recent photo of yourself or if you used a filter that makes your face unrecognizable. If it does work, you’ll be sent a link to reset your account. Make sure you follow the best cybersecurity practices to secure your account against future hacks.

    If there are no photos of you on your account, Instagram will ask for details about your account usage such as the email address, phone number, and device type (iPhone, iPad, Android, etc.) that you used to sign up.

    Signs your Instagram account has been hacked

    If you’re not sure how to tell if your Instagram is hacked, there are some telltale signs. You might receive a verification email even though you haven’t changed your account info, get locked out of your account unexpectedly, or notice suspicious activity from your account.

    Here are some of the most common signs your Instagram is hacked:

    • Instagram suddenly logs you out and you’re unable to sign back in.

    • You receive an email from Instagram reporting a change you didn’t make.

    • There’s an unfamiliar device in your activity log.

    • Others receive suspicious DMs from you asking them to get involved in cryptocurrency investment schemes or other types of internet scams.

    • Someone posted content through your account without your permission.

    • You get a message from Instagram that there was a suspicious login attempt from a country you don’t live in or travel to.

    • You’re the target of a ransom attempt by a hacker holding your account hostage.

    How do Instagram hackers access my account?

    But how do Instagram accounts get hacked in the first place? Simply opening and viewing an Instagram DM in most cases poses no danger. Instead, most IG account hacks are the result of social engineering or phishing techniques, where cybercriminals manipulate an individual into giving away personal data and other compromising information.

    Man-in-the-middle attack

    Man-in-the-middle attacks are a sophisticated type of cyber attack that hackers use to hack into your IG. A man-in-the-middle attack often starts when the victim receives an email that looks exactly like an official email sent by Instagram. A hacker could send an email from a fake address that’s spelled very similar to a real one to make it look like an official email. If you click the link within the email, you’re taken to a fake, pharming site where you unsuspectingly give away your login information

    Brute force attack

    Brute force attacks are a technique hackers use to crack passwords. These can be carried out manually — trying countless number and letter combinations — but are often executed using bots or other automated tools that can cycle through thousands of password combinations in seconds. Brute force attacks are a key reason why using long and unique passwords — and using a password manager to store them all — is central to online security.

    The verified badge scheme

    This social engineering tactic involves hackers impersonating tech support agents from Instagram. Victims receive a message telling them they are eligible to add the covetable blue verified badge to their account. They follow a link and, like in the man-in-the-middle scheme, unknowingly enter their login information on a proxy site, thereby giving up their credentials.

    Third-party platform hacks

    Your Instagram account could also fall victim to a hack if your information was stolen in a data breach connected to a third-party app you’ve synced with IG. This includes “authorized” apps used to manage multiple social media accounts or share info on shopping or dating platforms.

    In 2015, a popular app called InstaAgent was found to be storing unencrypted Instagram usernames and passwords. This resulted in IG becoming choosier about which app integrations they allow.

    No matter how hackers get access to your Instagram account, you can strengthen the security of your account information by using a data breach monitoring tool like Avast BreachGuard. With Avast, you’ll be notified any time your accounts are involved in a data leak, giving you enough time to change your login information before your important accounts are compromised.

    How to protect your Instagram account from hackers

    Before you need to get a hacked Instagram back, make sure you know how to prevent your Instagram from being hacked in the first place. As with most things, prevention is better than a cure.

    Take the following steps to avoid getting hacked on Instagram.

    Review your Accounts Center

    From your Instagram profile, tap the three lines in the top-right corner, and then tap Settings > Accounts Center. Here, you’ll be able to see all Meta accounts — including Facebook and Instagram — that are connected. If you notice an unfamiliar Facebook or Instagram account, remove it and report the hack.

    Review login activity

    Review the login activity on your Instagram to see if someone unfamiliar has managed to log into your account. Go to Settings > Security > Login Activity. Here, you’ll see a list of the locations and dates of logins to your account, as well as the device types that were used. If you notice any unfamiliar locations or devices, change your Instagram privacy settings and login credentials immediately.

    Remove third-party apps

    Third-party apps that connect to Instagram can pose an Instagram security threat. To review and remove any third-party services you no longer want to use, open your Instagram settings and tap Security > Apps and Websites. Under the Active tab, you’ll see all active authorized apps currently connected to your account. Tap and remove any that are unfamiliar.

    Use a strong password

    Long and unique passwords are hard to crack. To create a strong password, avoid using any personal information, part of your username, strings of sequential numbers, or passwords shorter than fifteen characters. You can also use a password generator to come up with a complex string of numbers, letters, and characters and store it in a password manager.

    Implement two-factor authentication (2FA)
    Use two-factor authentication (2FA) to add an additional layer of security to your IG account. Tap Settings > Security > Two-factor authentication and choose between using an authentication app, a phone number, or both.

    Once 2FA is enabled, any time an unfamiliar device tries to log in to your account, or Instagram detects other unusual login attempts, you’ll be alerted and asked to authenticate the request with a security code.

    Use two-factor authentication to help protect your Instagram account against hacking.Instagram has been testing a feature that would allow users who are locked out of Instagram to recover their account through a friend. The feature may not be available to you, though, so if you receive a message from a friend asking for a 2FA code to be sent to their phone, it is almost certainly a scam. To be safe, never forward a 2FA code.

    Protect against identity theft and data breaches with Avast

    With the seemingly endless stream of new scams and phishing schemes, protecting your online privacy is more important now than ever. Using strong passwords, 2FA, and staying informed can help keep your Instagram and other online profiles safe. But larger data breaches can still compromise your online safety.

    Avast BreachGuard defends your privacy with 24/7 data breach monitoring to ensure any personal information exposed in a data leak is quickly identified. BreachGuard also generates an easy-to-read privacy score to help you determine how vulnerable your personal accounts are, and it will provide tips to help you better secure your personal information.

    Protecting your online identity can seem daunting. So install Avast BreachGuard today and get automatic, 24/7 data breach monitoring to help protect all your online accounts.

    Protect your personal data with Avast Secure Browser


    Protect your personal data with Avast Secure Browser

    Other Threats
    Olga Knezevic