Instagram is crucial for designers, serving as a marketing and networking tool that’s key to landing new clients. So what should you do if you’ve had your Instagram hacked? First, don’t panic—you’re not alone. “I’d say it’s common for the average user to get hacked to some degree in their life,” says Matthew Krull, a social media strategist at design-focused communications agency Novità. “I hear more often than not from my friends and colleagues that they’ve experienced some suspicious activity on their account.” But if you’ve had your Instagram account hacked, it’s important to act fast. The quicker you move to recover your Instagram profile, the more likely you’ll be successful. Here are the steps for how to get your Instagram account back, as well as measures you can take to bolster your cybersecurity.
How do I know if my Instagram account has been hacked?
There are some clear signs you may be dealing with a hacked Instagram account. Most hackers immediately change your account’s personal data as a means of kicking you out and preventing you from regaining access to your Instagram. Any time your email, phone number, or password has been changed, Instagram will send you an email alert from security@mail.instagram.com. If you didn’t change anything yourself, that’s a sign that a hacker may have gained access to your account. Instagram will also alert you to “suspicious login attempts,” which might be another sign a hacker is attempting to access your account.
Yet another sign that your Instagram account has been hacked is seeing unusual activity on your feed, such as images, reels, or stories that you didn’t post yourself. Other suspicious activity includes your account sending followers direct messages (DMs) from your profile that you didn’t send. (On that note, if you notice some off-kilter activity on a friend’s page, tell them! You may catch it before they do.)
Can I get my Instagram account back after it’s been hacked?
The short answer: It depends.
It is possible to get a hacked Instagram account back, but you need to move fast so that the hacker can’t compromise your account further. If you act quickly, you might be able to kick out the hacker while they’re in your account—and, more crucially, before they’ve changed your personal data, deleted your photos, or posted to your profile.
But if the hacker has already gone beyond logging in and has changed your account details like your password, email, and phone number, profile recovery becomes a lot more difficult. Depending on how much damage they’ve done, Instagram may be able to help you recover your account. But brace yourself: If your account has been deleted by a hacker, it's likely gone for good.
How do you regain access to a hacked Instagram account?
The answer depends on whether the hacker has changed only your Instagram password or your Instagram password and contact info. In either case, here’s how you can attempt to recover your Instagram account.
Hitting a brick wall at the login screen? Simply follow the steps for setting a new one, as prompted by the login page on the Instagram app. Hopefully, the login link will be sent to your email account or phone number, and you can use a security code to log back in to your account and change your password. This would be the best case scenario, as you can solve the problem yourself without having to contact Instagram support. (That said, it’s not a bad idea to let them know that your Instagram account might have been hacked—the company may point out some helpful security tips to keep your account safe in the future.)
Whew, prepare yourself. If you’re locked out of your social media account and you don’t receive a password reset link when you request one, a hacker might have changed your email and phone number to their own. Most hackers do this immediately so they can keep control of your account. If that’s the case, you’ll need to report the activity to Instagram by following the step-by-step instructions here. Instagram will ask you to verify your identity in various ways, such as taking a video selfie to prove you are who you say you are. This process likely won’t give you immediate access; it could take days or even weeks to recover your Instagram account—all the while the hacker may be holding your Instagram account for ransom and requesting bitcoin or other plunder for you to get it back.
And in some cases, you may not even get any support from Instagram at all. Interior designer Deana Lenz, for instance, tried to contact the Instagram support team for weeks when a hacker took control of her account—to no avail. Once you submit your support request, there’s not much more you can do. That is, unless you’re Meta Verified, which comes at a (literal) price.
Meta Verified is a subscription plan that provides both Instagram and Facebook accounts with premium features, managed via your Accounts Center. Yes, that includes the infamous social media blue check, but it also includes specialized support, including identity theft monitoring. Right now, Meta Verified costs between $11.99 and $34.99 per month, depending on the plan you choose.
What should you do if you suspect someone is trying to hack your Instagram?
Three key red flags may indicate that someone may be trying to hack your Instagram account (or already has): receiving a changed-password email from Instagram that you didn’t trigger yourself, receiving an unprompted email-change request from security@mail.instagram.com, and seeing posts you didn’t make. Here’s how to get help.
If someone attempts to reset your password, Instagram will send you an email from security@mail.instagram.com informing you of the change. If you didn't request the reset yourself, you should immediately report a potential hacking attempt to Instagram via the link in that email, then immediately change your password.
If you received an email from security@mail.instagram.com asking about changing the email address associated with your Instagram account but didn’t make that request yourself, click the link in the message that says Secure My Account. If you are unable to get through the Instagram login page, the scammer may have changed your password. Don’t lose hope yet—you might still be able to request a login link or a security code.
But be cautious when it comes to these Instagram emails: Some messages that appear to be from Instagram could be phishing attempts or scams from hackers that could lead to your account being compromised or malware installed on your device.
This is how Lenz was hacked—she fell victim to one such phishing attempt on her professional Instagram account with nearly 20,000 followers. “I received an email asking if I wanted to be Meta Verified. The email came from an account that looked just like Instagram and had the blue check,” says Lenz. “They asked for my login information which I gave them. The next thing I know the hacker is texting me asking me for money, and he locked me out of my account!”
The hacker then began posting bitcoin content on Lenz’s Instagram stories, messaging Lenz and her husband on their personal accounts, and asking for payment to return ownership of the account.” Despite reaching out to Instagram for help—and hiring independent tech security experts—Lenz was unable to recover her account. “The hacker wrote me a very nasty DM saying if I didn’t answer him, he would wipe my account, which he did,” says Lenz. “I had to start from scratch to rebuild a new account.”
The good news is that Meta has developed a function to help protect you from email scams. If you enter the security section of the Instagram app, you can see what emails Instagram has sent you within the last two weeks. Reviewing that data should help you verify an email’s authenticity.
Keep in mind that other messages, like Instagram DMs and WhatsApp chats, can also contain phishing scams. Instagram will never contact you via these methods; it will only only reach out by email from security@mail.instagram.com. Stay alert!
If you notice photos, reels, or stories you didn’t post yourself appearing on your page, or your followers notice strange DMs from your account, you’ve probably been hacked on Instagram. If you’re still logged in, change your password immediately to kick the hacker out of your account. You should also manually log out of any suspicious devices via your login activity page, as well as revoke access from any third-party apps that might have had a security breach and exposed your login information.
Can you recover your Instagram account if it has been deleted?
In some cases, hackers might delete all your posts, leaving your account barren. Or they might delete your account entirely. In the case of the former, once you’ve regained access to your account, you might be able to retrieve posts by going into the Your Activity section of your Instagram account and selecting Recently Deleted. There, you’ll find posts from the last 30 days as well as stories from the last 24 hours, and you can restore them to your profile.
But if your account has been totally deleted, it might be game over. Instagram itself says, “When you delete your account, your profile, photos, videos, comments, likes, and followers will be permanently removed.” You can create a new account with the same email address you used before, but you may not be able to get the same username.
That said, there is a window in which you can recover your Instagram account. “If someone has deleted your account, you technically have 30 days to contact Instagram to explain that you have been hacked and [ask them] to put your account back up. Instagram claims it stores your data for that long,” says digital marketer Jonathan Simon, director of marketing and communications at the Telfer School of Management at the University of Ottawa. “However, this is a long shot. Once your account is deleted, it is likely gone.”
Even though no method of account protection is completely fail-safe, staying on top of security best practices can hopefully prevent you from being hacked. You can also download your data every so often in order to keep an archive of your posts, your followers, and even your comments—that way, if you have your Instagram hacked and eventually need to rebuild your account, you have a running start.
What are some ways to protect my Instagram account?
Hacking isn’t limited to high-profile Instagrammers like celebrities and influencers with millions of followers. “Any account can be a target, because if the hackers are successful, they can use the hacked account to try to get important information like credit card numbers, addresses, and PINs from other unsuspecting users,” Simon says.
A strong password is an obvious place to start—and yes, those strings of letters and numbers suggested by Apple’s iOS on iPhones and Google on Androids are pretty safe. (If you’re concerned about remembering all of your logins, a digital password manager can help.) Still, there are a few additional steps you should take to thwart a potential hacking.
Two-factor authentication requires users to enter a security code from an authentication app or your cell phone via text message (SMS) every time you log in via a new device—and it’s a solid deterrent to scammers. Meta offers this service, and you can set it up via the security page in the Instagram app.
Monitor your login activity, which can also be found under the security section of the app. There, you’ll see all the devices that your Instagram account is currently logged into, plus their geographic locations. If you see you’re logged in somewhere you shouldn’t be, you can log out of those devices from your current one. Then change your password! Be sure to pick a unique password that's very different from your old one.
Granting third-party apps access to your account is an easy way to share content across different platforms, but it does come with some level of risk: Hackers can break into those apps, which may be less secure than Instagram itself, and steal your Instagram login info. Head to your security settings, then click Apps and Websites to see what other apps have access to your Instagram account. Keep an eye out for any big data breaches that might affect those apps—if one happens, you’ll want to change your password immediately.
What if an account is impersonating me on Instagram?
If you discover an Instagram account that's pretending to be you, this is known as spoofing.
“Spoofing on Instagram happens when someone creates a fake account mirroring a real one, from the profile picture down to the username and posts,” says Ashley Rector, founder of digital marketing agency Quimby Digital. “The intentions behind this can vary, ranging from harmless imitation to more harmful objectives like scamming followers or damaging reputations.”
Impersonating someone is against Instagram’s Community Guidelines, so you should report the offending account to Instagram via the app by tapping the three dots next to their username, selecting “report,” selecting “report account,” and choosing “They're pretending to be someone else.” You can also report the offending account online. “It’s also wise to alert your followers about the imposter so they can help report and stay vigilant,” says Rector. “The power to remove these fake accounts ultimately lies with Instagram, based on their review process. However, collective reporting efforts from your community can often expedite this process.”
Hopefully this resolves the problem, but you may have to escalate the issue in severe instances. “In cases where the spoofing leads to significant harm or potential financial loss, legal consultation might be necessary to explore further actions, which could range from a cease and desist letter to more formal legal measures,” says Rector. “Documentation is crucial; keep records of the impersonation by taking screenshots.”
