Instagram is crucial for designers, serving as a marketing and networking tool that’s key to landing new clients. So what should you do if you’ve had your Instagram hacked? First, don’t panic—you’re not alone. “I’d say it’s common for the average user to get hacked to some degree in their life,” says Matthew Krull, a social media strategist at Sonos. “I hear more often than not from my friends and colleagues that they’ve experienced some suspicious activity on their account.” But if you’ve had your Instagram account hacked, it’s important to act fast. The quicker you move to recover your Instagram profile, the more likely you’ll be successful. Here are the steps for how to get your Instagram account back, as well as measures you can take to bolster your cybersecurity.
- How do I know if my Instagram account has been hacked?
- Can I get my account back after it’s been hacked?
- What steps should I take to regain access?
- Can I recover my account if it has been deleted?
- How did hackers gain access?
- What are some ways to protect my account?
- What if an account is impersonating me?
How do I know if my Instagram account has been hacked?
There are some clear signs you may be dealing with a hacked Instagram account.
The most straightforward way to tell you’ve been hacked is not being able to log in. That likely indicates the hacker has changed your password. But before you panic, make sure you’re actually typing the right password! A simple typo might be to blame.
AD PRO members enjoy exclusive benefits. Get a year of unlimited access for $25 $20 per month.
Most hackers immediately change your account’s personal data as a means of kicking you out and preventing you from regaining access to your Instagram. Any time your email, phone number, or password has been changed, Instagram will send you an email alert from security@mail.instagram.com. If you didn’t change anything yourself, that’s a sign that a hacker may have gained access to your account. Instagram will also alert you to “suspicious login attempts,” which might be another sign of an account hack.
Yet another clue that your Instagram account has been hacked is seeing unusual activity on your feed, such as images, reels, or stories that you didn’t post yourself. Many times, these posts will feature content that’s decidedly different from your own, such as posts about cryptocurrency investments. Other suspicious activity includes your account sending followers direct messages (DMs) from your profile that you didn’t send. (On that note, if you notice some off-kilter activity on a friend’s page, tell them! You may catch it before they do.)
Can I get my Instagram account back after it’s been hacked?
The short answer: It depends.
It is possible to get a hacked Instagram account back, but you need to move fast so that the hacker can’t compromise your account further. If you act quickly, you might be able to kick out the hacker while they’re in your account—and, more crucially, before they’ve changed your personal data, deleted your photos, or posted to your profile.
But if the hacker has already gone beyond logging in and has changed your account details like your password, email, and phone number, profile recovery becomes a lot more difficult. Depending on how much damage they’ve done, Instagram may be able to help you recover your account. But brace yourself: If your account has been deleted by a hacker, it’s likely gone for good.
What steps should you take to regain access to a hacked Instagram account?
The answer depends on whether the hacker has changed only your Instagram password or your Instagram password and contact info. In either case, here’s how you can attempt to recover your Instagram account.
Hitting a brick wall at the login screen? Simply follow the steps for setting a new one, as prompted by the login page on the Instagram app. Hopefully, the login link will be sent to your email account or phone number, and you can use a security code to log back into your account and change your password. This would be the best case scenario, as you can solve the problem yourself without having to contact Instagram support. (That said, it’s not a bad idea to let app’s support team know that your Instagram account might have been hacked—the company may point out some helpful security tips to keep your account safe in the future.)
Whew, prepare yourself. If you’re locked out of your social media account and you don’t receive a password reset link when you request one, a hacker might have changed your email and phone number to their own. Most hackers do this immediately so they can keep control of your account. If that’s the case, you’ll need to report the activity to Instagram by following the step-by-step instructions here. Instagram will ask you to verify your identity in various ways, such as taking a video selfie to prove you are who you say you are. This process likely won’t give you immediate access; it could take days or even weeks to recover your Instagram account—all the while the hacker may be holding your Instagram account for ransom and requesting bitcoin or other plunder for you to get it back.
And in some cases, you may not even get any support from Instagram at all. AD PRO Directory designer Deana Lenz, for instance, tried to contact the Instagram support team for weeks when a hacker took control of her account—to no avail. Once you submit your support request, there’s not much more you can do. That is, unless you’re Meta Verified, which comes at a (literal) price.
Meta Verified is a subscription plan that provides both Instagram and Facebook accounts with premium features, managed via your Accounts Center. Yes, that includes the infamous social media blue check, but it also includes specialized support, including identity theft monitoring. Right now, Meta Verified costs between $14.99 and $349.99 per month, depending on the plan you choose.
In addition to taking steps to secure (or recover) your account, you should also notify anyone who works with you on your Instagram account, from members of your team to advertising partners.
What should I do if I suspect someone is trying to hack my Instagram?
Three key red flags may indicate that someone may be trying to hack your Instagram account (or already has): receiving a changed password email from Instagram that you didn’t trigger yourself, receiving an unprompted email change request from security@mail.instagram.com, and seeing posts you didn’t make. Here’s how to get help.
If someone attempts to reset your password, Instagram will send you an email from security@mail.instagram.com informing you of the change. If you didn’t request the reset yourself, you should immediately report a potential hacking attempt to Instagram via the link in that email, then promptly change your password. Be sure to check the email address carefully before you click any links to ensure it’s actually coming from Instagram itself, not a hacker.
If you received an email from security@mail.instagram.com asking about changing the email address associated with your Instagram account but didn’t make that request yourself, click the link in the message that says Secure My Account. (Again, double-check the email address!) If you are unable to get through the Instagram login page, the scammer may have changed your password. Don’t lose hope yet—you might still be able to request a login link or a security code.
If you notice photos, reels, or stories you didn’t post yourself appearing on your Instagram page, or your followers notice strange DMs from your account, you’ve probably been hacked. If you’re still logged in, change your password immediately to kick the hacker out of your account. You should also manually log out of any suspicious devices via your login activity page, as well as revoke access from any third-party apps that might have had a security breach and exposed your login information.
We’ve said it already but we’ll say it again. Be cautious when it comes to emails from Instagram: Some messages could be phishing attempts or scams from hackers that could lead to your account being compromised or malware being installed on your device.
This is how Lenz was hacked—she fell victim to one such phishing attempt on her professional Instagram account with nearly 20,000 followers. “I received an email asking if I wanted to be Meta Verified. The email came from an account that looked just like Instagram and had the blue check,” Lenz says. “They asked for my login information, which I gave them. The next thing I know the hacker is texting me asking me for money, and he locked me out of my account!”
The hacker then began posting bitcoin content on Lenz’s Instagram Stories, messaging Lenz and her husband on their personal accounts, and asking for payment to return ownership of the account. Despite reaching out to Instagram for help—and hiring independent tech security experts—Lenz was unable to recover her account. “The hacker wrote me a very nasty DM saying if I didn’t answer him, he would wipe my account, which he did,” Lenz says. “I had to start from scratch to rebuild a new account.”
The good news is that Meta has developed a function to help protect you from email scams. If you enter the security section of the Instagram app, you can see what emails Instagram has sent you within the last two weeks. Reviewing that data should help you verify an email’s authenticity.
Keep in mind that other messages, like Instagram DMs and WhatsApp chats, can also contain phishing scams. Instagram will never contact you via these methods; it will only only reach out by email from security@mail.instagram.com. Stay alert!
Can I recover my Instagram account if it has been deleted?
In some cases, hackers might delete all your posts, turning your account into an empty shell. If you can regain access to your account, you might be able to retrieve posts by going into the Your Activity section of your Instagram account and selecting Recently Deleted. There, you’ll find posts from the last 30 days as well as stories from the last 24 hours, and you can restore them to your profile.
But if your account has been totally deleted, it might be game over. Instagram itself says, “When you delete your account, your profile, photos, videos, comments, likes, and followers will be permanently removed.” You can create a new account with the same email address you used before, but you may not be able to get the same username.
That said, there is a window in which you can recover your deleted Instagram account. “If someone has deleted your account, you technically have 30 days to contact Instagram to explain that you have been hacked and [ask them] to put your account back up. Instagram claims it stores your data for that long,” says digital marketer Jonathan Simon, director of marketing and communications at the Telfer School of Management at the University of Ottawa. “However, this is a long shot. Once your account is deleted, it is likely gone.”
How did hackers gain access to my Instagram account?
Hackers have many methods of gaining access to your Instagram account. Here’s a rundown of some of the most common ones.
One of the most common ways is through phishing, a type of cyberattack where scammers impersonate a legitimate organization—like Instagram or Meta—in order to trick you into giving up sensitive information, such as your login credentials. These attacks often come in the form of emails, text messages, or even DMs that look official, complete with logos, familiar language, and convincing email addresses.
Once you click a link or enter your information on a fake website, hackers can use it to gain access to your accounts or install malware on your device. That’s why it’s crucial to always double-check the sender’s email address, avoid clicking suspicious links, and never enter your password unless you’re certain you’re on the official Instagram website or app.
When a company suffers a data breach, hackers may gain access to its database of user information, including usernames, email addresses, and passwords. Once they’ve obtained these credentials, they may try them on other websites in what’s known as credential stuffing, assuming you’ve reused the same password across multiple accounts. That’s why it’s so important to use unique, strong passwords for every account and to update them regularly.
Malware (short for malicious software) is a broad term for programs designed to infiltrate your device without your consent. Some types of malware, like keyloggers, silently run in the background and record every keystroke you make, including your usernames and passwords. Others can take screenshots, access saved passwords in your browser, or even give hackers remote control of your device. You might unknowingly install malware by clicking a suspicious link, downloading a fake app, or opening an infected email attachment. Always be vigilant on the internet!
What are some ways to protect my Instagram account?
Hacking isn’t limited to high-profile Instagrammers like celebrities and influencers with millions of followers. “Any account can be a target, because if the hackers are successful, they can use the hacked account to try to get important information like credit card numbers, addresses, and PINs from other unsuspecting users,” Simon says.
Even though no method of account protection is completely fail-safe, staying on top of security best practices can hopefully prevent you from being hacked.
A strong password is an obvious place to start—and, yes, those strings of letters and numbers suggested by Apple’s iOS on iPhones and Google on Androids are pretty safe. Weak passwords, such as “password” or “123456” might be easy to remember, but they’re also incredibly easy to hack. (If you’re concerned about remembering all of your logins, a digital password manager can help.)
Two-factor authentication requires users to enter a security code from an authentication app or your cell phone via text message (SMS) every time you log in via a new device—and it’s a solid deterrent to scammers. Meta offers this service, and you can set it up via the security page in the Instagram app.
Keep tabs on your login activity, which can also be found under the security section of the app. There, you’ll see all the devices that your Instagram account is currently logged into, plus their geographic locations. If you see you’re logged in somewhere you shouldn’t be, you can log out of those devices from your current one. Then change your password! Be sure to pick a unique password that’s very different from your old one.
Granting third-party apps access to your account is an easy way to share content across different platforms, but it does come with some level of risk: Hackers can break into those apps, which may be less secure than Instagram itself, and steal your Instagram login info. Head to your security settings, then click Apps and Websites to see what other apps have access to your Instagram account. Keep an eye out for any big data breaches that might affect those apps—if one happens, you’ll want to change your password immediately.
Though this won’t necessarily protect your Instagram account, you can download an archive of your posts, your followers, and even your comments—we recommend doing so periodically. That way, if you have your Instagram hacked and eventually need to rebuild your account, you have a running start. Set a reminder on your calendar to do this quarterly or even monthly if you’re a very active Instagram user.
What if an account is impersonating me on Instagram?
If you discover an Instagram account that’s pretending to be you, this is known as spoofing.
“Spoofing on Instagram happens when someone creates a fake account mirroring a real one, from the profile picture down to the username and posts,” says Ashley Rector, founder of digital marketing agency Quimby Digital. “The intentions behind this can vary, ranging from harmless imitation to more harmful objectives like scamming followers or damaging reputations.”
Impersonating someone is against Instagram’s Community Guidelines, so you should report the offending account to Instagram via the app by tapping the three dots next to their username, selecting “Report,” selecting “Report account,” and choosing “They’re pretending to be someone else.” You can also report the offending account online. “It’s also wise to alert your followers about the imposter so they can help report and stay vigilant,” Rector says. “The power to remove these fake accounts ultimately lies with Instagram, based on their review process. However, collective reporting efforts from your community can often expedite this process.”
Hopefully this resolves the problem, but you may have to escalate the issue in severe instances. “In cases where the spoofing leads to significant harm or potential financial loss, legal consultation might be necessary to explore further actions, which could range from a cease and desist letter to more formal legal measures,” Rector says. “Documentation is crucial; keep records of the impersonation by taking screenshots.”
Join the AD PRO Directory, our professional network that puts you in front of the right clients. Learn more
.png)
