Instagram hacked? 4 ways to get your account back

Tips & tricks
17 mins
alt="instagram hack"

“Instagram hack”: Two words that usually conjure images of decor or crafts, not digital nightmares. But if you’re facing the latter, don’t fret. Here’s a step-by-step guide to reclaiming your Instagram account if it’s been hacked.

Strengthen your social media security with ExpressVPN. A VPN encrypts your internet traffic, making it much harder for hackers to intercept your data, even on public Wi-Fi. Stay safer on Instagram and beyond by keeping your online activity private.

 

Get ExpressVPN

How to tell if your Instagram is hacked

Before you can take action to regain control of your hacked Instagram account, it’s important to first identify whether your account has actually been compromised. 

Here are nine of the most common red flags signaling an Instagram hack:

  1. Unauthorized posts or activities: If you notice posts, comments, or direct messages that you didn’t create or send, it’s a clear indication that someone else might have access to your account.
  2. Unusual account behavior: If you receive notifications for actions you didn’t perform, such as following unfamiliar accounts, liking unrelated content, or making unexpected changes to your profile, it’s a red flag.
  3. Sudden drop in followers or engagement: Hackers might make changes that lead to a decrease in your follower count or engagement metrics, such as blocking your followers or changing your content.
  4. Email or password changes: If you receive notifications about changes to your email address, phone number, or password that you didn’t initiate, your account might be compromised.
  5. Suspicious login attempts: Getting notifications about unfamiliar login attempts? Someone might be trying to break into your account.
  6. Inability to log in: Hackers are known to act swiftly, often changing your account’s personal information right off the bat to kick you out. If you find yourself suddenly unable to log into your Instagram account, despite entering the correct credentials, it’s possible that an unauthorized person has taken control.
  7. Unfamiliar devices: Instagram provides information about the devices that are logged into your account. If you see devices you don’t recognize, your account may have been accessed from an unauthorized source.
  8. Unusual activity on your feed: Random images, Reels, or Stories appearing on your profile are a sure sign someone else is at the helm
  9. Dodgy DMs and suspicious links: If your friends are complaining about weird messages from your account containing unknown links, a hacker could be using your identity for malicious purposes.

Can I get my Instagram account back after it’s been hacked?

In short: Yes, as long as you move fast. The quicker you take the necessary steps to reclaim control of your Instagram account, the higher the chances of a successful recovery.

Below, we show you how to regain access to a hacked Instagram account quickly. 

How to get access to a hacked Instagram account

1. Check if you can still sign in with your password

If you notice one or more of the warning signs above, try to see if you can still sign into your account. Some hackers crack into social media accounts without changing their passwords. This could be because they were able to access your account even though they did not have your password (such as if they did so while borrowing your phone).

If you’re able to log in to your Instagram account, or you’re still signed in to Instagram on one of your devices, immediately change your password to kick the intruder out before they mess with your personal info, wipe out your photos, or post who-knows-what on your profile.

Here’s how to do it:

  1. Once logged in to your Instagram account, head to your profile
  2. Navigate to the hamburger menu icon ≡ in the top right corner 
  3. Select Settings and Privacy from the dropdown menu 
  4. Tap Accounts Center
  5. Under Account Settings, tap Password and security
  6. Select Change password and then choose the Instagram account to make changes
  7. Follow the prompts to create a strong, unique password

Then, ensure any intruders are kicked out of your account

  1. On the Password and security menu, tap Where you’re logged in 
  2. Tap any device that looks suspicious and tap Select devices to log out

If you find yourself logged out of your account and unable to get back in (i.e., the hacker has changed your password or other details), you’ll receive an email from Instagram (via security@mail.instagram.com) informing you that your email address has been changed. If you act promptly, you can reverse this change by clicking on the “Secure my account” link in the email.

2. Request a login link 

A login link for Instagram is a special link the platform sends to your email or phone when you’re having trouble accessing your account. If you’ve been hacked, the hacker may have changed your password, making it difficult for you to log in. 

Requesting a login link allows Instagram to verify your identity and help you regain access to your account without needing the hacker’s updated password.

Here’s how to request a login link from Instagram: 

On Android: Launch Instagram and click on Get help logging in. Afterward, a link will be sent to your linked email to assist you in regaining access to your account.

On iOS: Head to Instagram and choose the Forget password? option. Similar to the procedure on Android, a link will be sent to your registered email to regain access to your account. 

3: Recover your account through the app

If you discover that the hacker has successfully changed your password, as well as your email address for account recovery, follow the steps for setting up a new password via the mobile recovery option: 

If your Instagram account has been hijacked, and the hacker has changed your password and email address, try resetting it by following the mobile recovery prompts.
  1. On the Instagram login page, tap Forgotten Password?
  2. Select Search by mobile number 
  3. Input your cellphone number, then tap Find Account  
  4. You should receive an SMS with a password reset link 
  5. Follow the prompts to change your password

Things get trickier if the hacker has already messed with your account details like passwords, email, and phone numbers. Depending on the depth of the breach, Instagram can help you regain control of your account. 

4. Request support from Instagram

If hackers are holding your account ransom or have locked you out completely, and you have no way to retrieve your password, you’ll need to report your account getting hacked to Instagram directly. The social media platform offers a few options to recover your hacked Instagram account. 

Here’s how to request for special support from Instagram: 

On Android: 

  1. On Instagram, tap Get help logging in and enter your username, email, and phone number 
  2. Then, tap Need more help? and follow the prompts on screen
  3. Select a way you want to be contacted for the security code
  4. If you don’t receive the code, tap I can’t access this email or phone number and you’ll be directed to receive help.

On iOS: 

  1. On Instagram, head to Forgot password? and then to Need more help? 
  2. Then, select a way you’d like to be contacted for a security code
  3. If you don’t receive the code, tap I can’t access this email or phone number and you’ll get instructions on the next steps to take. 

For example, if your Instagram support request is for an account that hasn’t got any photos of you, Instagram will ask you to provide the following information to verify your identity:

  • The email address or phone number that you used to create the account
  • The type of device that you used to create the account 

Alternatively, if you submitted a support request for an account with photos of you, Instagram will ask you to take a video selfie of you turning your head in different directions. This is to ensure that you’re a real person and that you are the rightful owner of the account. 

This process might not yield instant results (it may take days or even weeks), but by closely following these steps, Instagram will likely give you control of your account back.

What to do if a hacker has deleted your Instagram account

In certain instances, hackers may take control of your Instagram account and proceed to erase all of your posted content, rendering your profile empty. Alternatively, they might go a step further and completely delete your account.

How to retrieve deleted posts on Instagram

You will only be able to retrieve deleted posts once you’ve successfully regained access to your account. First, access the Your Activity section within your Instagram profile and navigate to the Recently deleted option. It’s here that you’ll find posts from the last 30 days, as well as stories from the past 24 hours. You can then restore these images and clips to your Instagram profile. 

Retrieving a deleted Instagram account

If you believe a hacker has permanently deleted your Instagram account, contact Meta, Instagram’s owner, immediately. This is because when you decide to permanently delete your Instagram account, the platform holds onto your data for about 30 days. So, if a hacker takes control and deletes your account, you’ve got roughly a month to report the situation to Instagram. If you miss that window, your account will likely be lost forever, along with your profile details, photos, videos, comments, likes, and followers. 

Who’s at risk of getting their Instagram hacked?

While anyone is at risk of having their Instagram account hacked, there are certain people who are more likely to be targeted. These include:

  • Those with a large following: Accounts with a lot of followers are more valuable to hackers, as they can use them to spread spam or scams.
  • Influencers: Hackers may target influencers in order to gain access to their personal information or to use their accounts to promote their own products or services.
  • Businesses: Business accounts can be hacked to steal customer data or to damage the company’s reputation.
  • People who use weak passwords or reuse passwords across multiple accounts: If you use a weak password or reuse the same password for multiple accounts, it’s more likely that your Instagram account will be hacked.
  • People who click on phishing links or install malicious apps: Phishing links and malicious apps are common ways that hackers gain access to people’s accounts.

Cybercriminals target social media accounts for personal info. Once hackers are in one account, they exploit it to breach others. They deceive victims’ contacts, share fake content, harmful links, and seek money. This is why accounts with many followers are more attractive—they could extend the hacker’s reach to more people. 

Instagram accounts present a potential for extortion, where attackers demand payment in exchange for regaining control of compromised accounts. The risk is further amplified by the fact that other specific social media services, such as Facebook (that are linked to one’s Instagram account), can act as gateways to more sensitive platforms like e-commerce sites that contain credit card details. Compromised accounts are also frequently sold on the dark web.

Read more: How much is your data worth on the dark web?

Instagram’s growing popularity has led to a surge in hacking attempts on the platform—in fact, it has the highest risk of unauthorized access among social media platforms. Recent market research from Gitnux reveals concerning statistics: 85% of Instagram accounts have experienced some form of compromise, whether through hacking or data leaks. 

Among these cases, 70% of victims were locked out of their accounts, and 71% had hackers reaching out to their friends using their compromised accounts. This issue is particularly concerning considering Instagram’s substantial user base, which exceeds 1.35 billion people, solidifying its position as the world’s fourth most utilized social media platform.

Want stronger protection for your Instagram account and personal data? ExpressVPN makes it easy to keep your online activities private. By encrypting your internet traffic and masking your IP address, ExpressVPN keeps your Instagram interactions secure from prying eyes, including your ISP and network admins. With secure servers keeping your connection private, you can browse and share on Instagram with added peace of mind.

 

Get ExpressVPN

How do Instagram accounts get hacked?

Hackers usually employ a range of tactics to gain unauthorized access to a person’s Instagram account, exploiting users’ trust and vulnerabilities. Here are six of their most commonly used tactics: 

  1. Hackers pose as your friends 

Hackers often pose as friends or family members of their targets to create a sense of trust, a tactic known as social engineering. By impersonating someone familiar, they lower the victim’s guard and trick them into clicking on harmful links. According to the Consumer Impact Report, nearly half of account takeover victims have clicked on links sent by people they know.

  1. “Get-rich-quick” scams

Another popular scam often used by Instagram hackers is “Get-rich-quick” scams. Here, cybercriminals entice victims with promises of wealth through cryptocurrency or investment scams, getting them to inadvertently click on links that contain malicious software, also known as malware. The damage caused by malware varies widely. It can range from stealing sensitive data (like passwords or financial information) to causing system crashes, deleting files, or encrypting data for ransom.

  1. Man-in-the-middle attacks 

Man-in-the-middle attacks (MiTM) are common on public Wi-Fi. In these attacks, hackers intercept the data between your device and the internet, often without you knowing. This tactic allows them to capture sensitive information, like your passwords or login details. If you’re using unsecured Wi-Fi, it’s easy for attackers to slip in and monitor your activity, putting your personal information at risk.

  1. Bait and switch attacks

Bait and Switch attacks trick you into clicking a link that seems legitimate but leads to a fake Instagram login page or malicious site. Hackers might disguise these links as prize notifications, account verification requests, or special offers. Once you enter your credentials on these fake pages, attackers capture your information, gaining control of your account and locking you out.

(Read more: Signs a shopping website is fake)

  1. Data leaks

When personal information is exposed due to breaches in other online platforms, hackers can leverage this information to attempt unauthorized access to Instagram accounts. 

  1. Link vulnerability

Linking Facebook and Instagram accounts can expose both platforms to attacks. A breach in one account can lead to compromise in the other.

Knowing these tactics is key to boosting your Instagram security and keeping your online presence safe. However, staying informed is only part of safeguarding your Instagram account. 

One of the simplest ways to protect your Instagram account and personal data is by using a VPN. A premium VPN like ExpressVPN secures your data by encrypting your internet connection, keeping your online activity private.

 

Get ExpressVPN

How to prevent your Instagram account from being hacked

If you want to thwart potential hackers, there are a few additional steps you can take:

Create a strong password

A password is the first line of defense against hacks and unauthorized access to any account you own. When creating a password, use unique, complex passwords for all your accounts. Consider using a password manager like ExpressVPN’s Keys to store your password and generate strong passwords that are difficult to crack. With a password manager, you just have to remember one password to unlock an entire vault of the passwords you need.

Get ExpressVPN

Opt-in for two-factor authentication (2FA)

Two-factor authentication (2FA) enhances the security of your account by introducing an additional verification step during the login process. Instead of relying solely on a password, 2FA requires you to also enter a unique code that is sent to your phone each time you attempt to access your account. This added layer of security ensures that even if someone were to discover your password, they would still be unable to log in without access to the code sent to your phone.

Be careful about what links you click on

Hackers frequently employ tactics such as sending phishing emails or direct messages (DMs) to unsuspecting users. These communications typically include malicious links. When clicked, these links redirect the user to a counterfeit website designed to mimic the appearance of legitimate platforms, such as Instagram. This deceptive site prompts users to enter their login credentials under the guise of verification or account security.

Once the user inputs their information on this fake webpage, the hackers are able to capture these details. Consequently, this breach allows them unauthorized access to the victim’s account, where they can exploit the account for malicious purposes or even lock the original user out.

Monitor login activity

It’s crucial to regularly review your login history as a proactive measure to safeguard your online accounts. This involves checking for any devices or locations that don’t seem familiar or that you don’t recognize as your own. Unusual activity could be an indicator of unauthorized access to your account. If you spot anything suspicious, such as a login from a device you don’t own or a location you haven’t visited, it’s important to take immediate action. Immediately logging out of these unfamiliar devices can help prevent potential security breaches. 

Additionally, changing your password and enabling two-factor authentication, if you haven’t already done so, can further enhance the security of your account.

Revoke access to third-party apps

You might have permitted third-party applications, like scheduling tools or follower analysis services, to access your Instagram account in the past for various purposes. It’s crucial to periodically review your Instagram settings to ensure that only the applications you fully trust currently have access. Over time, the necessity or reliability of these apps may change, and it’s important to keep your account’s security in check by revoking access to those you no longer use or trust. By doing so, you can help protect your personal information and maintain control over your digital footprint on the platform.

Enable autosave

Always ensure that the autosave feature is activated for all your original photos and posts on your device. While this action does not directly protect against hacking attempts, it plays a crucial role in safeguarding your content. By enabling autosave, you create a secure backup of all your materials. This means that if your account is compromised, you won’t lose access to your original content. It’s a simple yet effective step towards enhancing the security of your digital assets.

Avoid Facebook logins

It’s advisable to create distinct logins for each account rather than linking platforms such as Instagram to Facebook. This approach significantly enhances your online security. When you link accounts, if one set of credentials is compromised, it can lead to a domino effect, putting multiple accounts at risk. Maintaining separate logins for each account minimizes this risk, ensuring that a breach in one account doesn’t automatically endanger your presence on other platforms. This practice is a proactive step towards safeguarding your personal information and digital footprint against unauthorized access.

Activate security notifications

It’s highly recommended that you activate notifications for any login attempts that originate from locations or IP addresses that are not recognized as frequently used or safe. This feature acts as a preventative measure, alerting you to any potentially unauthorized access attempts, and allowing you to take immediate action to secure your account.

Use a VPN

Turn on a VPN like ExpressVPN to encrypt your internet traffic, protect your credentials on unsecured Wi-Fi, and keep your location private from apps like Instagram. By masking your IP address, ExpressVPN hides your real location, so you appear as if you’re browsing from a different place entirely. This not only keeps your physical whereabouts private but also prevents Instagram from tracking your real-time movements, which are often used for features like geotagging and targeted advertising.

Avoid public Wi-FI

When using public Wi-Fi, it’s crucial to exercise caution, especially with activities that involve logging into personal accounts, such as social media. Public networks are notoriously less secure than private ones, making them prime targets for cybercriminals looking to intercept data. If you find yourself needing to access your social media accounts on a public Wi-Fi network, it’s highly recommended to use a VPN.  A VPN creates a secure and encrypted tunnel for your data to travel through, greatly reducing the risk of interception by malicious actors. This extra layer of security ensures that your personal information, including passwords and messages, remains private, even on a public network.

Keep your software up to date

Instagram frequently updates its platform to enhance security measures and address potential vulnerabilities malicious actors could exploit. Users must stay vigilant and promptly install these updates as soon as they become available. Doing so helps protect personal information and ensures a safer online environment by mitigating the risk of unauthorized access or cyber-attacks. Always watch for notifications regarding new updates and act quickly to maintain the highest level of security on your account.

FAQ: About Instagram hacks

Can my Instagram be hacked?
Can you be hacked through Instagram DM?
What should I do if I suspect someone is trying to hack my Instagram?
Can an Instagram video call be hacked?
Can I contact Instagram about a hacked account?
Phone protected by ExpressVPN.
Take back control of your privacy

30-day money-back guarantee

Various devices protected.
Take the first step to protect yourself online. Try ExpressVPN risk-free.
What is a VPN?
I like hashtags because they look like waffles, my puns intended, and watching videos of unusual animal friendships. Not necessarily in that order.