How to Recover a Hacked Instagram Account [Step by Step]

Are You Locked Out of Your Instagram Account? Don’t Panic!

There are few things as panic-inducing as discovering you've been locked out of your Instagram account. And I should know. 

Earlier this year, my good friend's Instagram account was hacked. Scammers locked him out, reset his password, and started running crypto scams on his followers. It was a nightmare that took weeks to resolve.

Unfortunately, Instagram hacks have increased every year since 2016.

In 2022, there were more than one million cases of social media account takeovers (ATO) — with 85% of victims saying their Instagram account was compromised [*].

A hacked Instagram account is more than an annoyance. If scammers gain access to your account, they can harvest your personal information to use for identity theft, impersonate you and destroy your online reputation, or scam your friends and family — and that’s not even considering the financial losses that could accrue if your company, influencer, or business account is hacked. 

If you can’t log into your account or are seeing signs that it’s been hacked, act fast and follow these steps.

{{show-toc}}

Here’s How To Tell If Your Instagram Account Is Hacked

The most obvious sign that your Instagram account has been hacked is that your login and password no longer work. If this is happening to you, a hacker may have gained access to your account and locked you out. You’ll need to follow the steps below to get your Instagram account back. 

Sometimes scammers don’t want you to know that they’ve hacked your account. In these cases, there are some telltale signs indicating that someone else has access to your Instagram account:

You receive a password reset email that you didn’t request

If you receive a password reset email that you didn’t request, it means someone else is trying to get into your account. Even worse, it could mean that they’ve hacked your email account and are using it to gain access to your other accounts. 

Don’t ignore these emails. Instead, make sure all of your account passwords are updated and secure, and enable two-factor authentication (2FA) with an authenticator app like Google Authenticator wherever possible.

Your account email has changed

If you get an email from Instagram saying that your email has been changed, your account is hacked. At this point, a scammer has already gained access to your account and is trying to prevent you from changing your Instagram password to get back in.

You’ll need to deny the change from the original email account associated with your Instagram account.

Pro tip: Make sure that the email change message isn’t a phishing scam. All official Instagram emails should come from security@mail.instagram.com. Any email coming from a different account is a scam. 

You get a “suspicious login attempt” alert 

If scammers try to log into your account from a different location, Instagram will flag it as a suspicious login attempt. To check if someone else is using your Instagram account, log into the Instagram app, then go to Profile > Settings > Security > Login Activity.

Your Login Activity will show you the last few locations from which your account was accessed. If you see anything unfamiliar, press “This Wasn’t Me” and Instagram will log out your account from that device.  

If you’re using Instagram on your desktop computer, you can check your Login Activity under Profile > Settings > Login Activity.

Friends and followers are getting strange messages from you

One of the reasons scammers don’t want you to know they’ve hacked your Instagram account is that they want to scam your friends. Instagram hackers will often send messages to your friends with the goal of  stealing their login information or getting them to invest in fraudulent crypto schemes. 

If your friends reach out and tell you that they’ve received weird messages from you, check your account activity immediately.

Your account is posting and commenting on its own

If you see strange notifications about posts or comments you don’t remember writing, your account is compromised. A scammer is making posts and comments pretending to be you — most likely with the hope of scamming more of your friends and followers. 

💡 Related: The Latest Social Media Scams (and How To Avoid Them) →

How To Secure a Hacked Instagram Account That You Still Have Access To

If you still have access to your Instagram account, you can usually flush out your attacker if you move fast.

Here are the essential steps to take:

• Check the phone number and email address listed in your account settings. These are the key points of entry that will allow you to reset your password and recover your account. Before you try to change your passwords, go to Settings > Account > Personal information and make sure that a scammer hasn’t changed your email address or phone number.
• Log out of all active Instagram sessions. Go to your Instagram Login Activity, and close all active sessions by selecting the three dots beside each session and choosing “Log out.” Repeat for each listed login session. This means that you’ll have to log back into Instagram on your phone, iPad/tablet, and computer — but it’s a small price to pay to boot hackers out of your account. ‍
• Change your Instagram password. Next, you’ll want to reset your Instagram password under Profile > Settings > Security > Password. Choose a unique and strong password that is at least eight characters long and includes a combination of letters, numbers, and symbols. ‍
• Turn on two-factor authentication (2FA). 2FA is an additional security measure that requires a special one-time-use code along with your password in order to log into your account. This means that even if hackers have your password, they can’t get into your account. For added security, use an authenticator app for 2FA rather than SMS — as scammers can hack or steal your phone and bypass this extra security measure.‍
• Check your Accounts Center. This is a Facebook setting that allows you to see all your accounts associated with Facebook, Instagram, and WhatsApp. If you see a linked account or other suspicious activity that you don’t recognize, remove it.‍
• Remove any third-party apps. Hackers may have been able to access your account via third-party apps. Look over the linked third-party apps under Settings > Security > Apps and websites, and remove any apps that you don’t recognize or use.

How to Regain Access To a Hacked Instagram Account

If a hacker has locked you out of your Instagram account, it’s a much harder issue to resolve. But there are still ways that you can regain access. 

Here’s what to do if you’ve been locked out of your Instagram account:

Check your email for a message from Instagram

Instagram will email you if a scammer (or anyone) changes your password or email. If you didn’t ask for these changes, you can revert to your old password by clicking “revert this change” in the email. 

Search for any email sent from security@mail.instagram.com. Be sure to check your junk and spam folders. 

Request a login link

A login link helps verify that you’re the account owner. It is a special link that is sent to your email or phone number. Here’s how to request a login link from Instagram:

• On Android: Open Instagram and select “Get help logging in” and then follow the prompts. 
• On iOS: Open Instagram and select “Forgot password?” and then follow the prompts. 

If the email associated with your account has been changed, you’ll want to send the login link to your phone. If both your email and phone number have been changed, you’ll have to follow one of the next steps instead. 

Request more support or a security link

If you’re locked out of your account, you’ll have to make a special support request to Meta (the parent company of Instagram and Facebook).

Here’s how to request support from Instagram’s login page:

On Android: 

• Tap “Get help logging in.”
• Enter your username, email address, or phone number. 
• Tap “Need more help?” and then follow the on-screen instructions. 
• Select your preferred contact method, and then tap “Send security code.”
• If you don’t receive the code, you’ll need to tap “I can’t access this email or phone number.”

On iOS:

• Tap “Need more help?”
• Select your preferred contact method, and then tap “Send security code.”
• If you don’t receive the code, you’ll need to tap “I can’t access this email or phone number.”

Once you submit your request, you should receive an email from Instagram detailing the next steps to take. 

Pro tip: Make sure that you’re using a secure email account to receive login information. If your email account has been hacked, scammers can bypass all of these measures and retain access to your account. 

Verify your identity with Instagram

Eventually, you’ll need to verify that you are who you say you are. There are two ways that you can verify your identity to get your hacked Instagram account back. 

1. If your account doesn’t have photos of you: Instagram will ask for details such as the email address, phone number, and device type (iPhone, iPad, Android, etc.) that you used when signing up for your account. 
2. If your account does have photos of you: Instagram will ask you to send a video selfie (in which you turn your head at different angles) to confirm you’re a real person. Instagram claims the video is only for verification purposes and will be deleted from their servers within 30 days. 

Unfortunately, this entire process can take days, weeks, and sometimes even months. Much of it is automated, meaning you can’t directly contact Instagram if you’re hitting a snag. However, it’s still the best process by which to recover your hacked Instagram account. 

So even if it takes time, following these steps is far better than letting a hacker have total control over your account. 

How Hackers Hack Your Instagram Account (And How To Stop Them)

Once you’ve regained access to your hacked Instagram account, you want to make sure that scammers can’t get back in. 

So, how did they hack you in the first place? Here are the most common ways that scammers gain access to your Instagram account:

Phishing attacks that steal your login information

Phishing is a type of attack in which scammers impersonate a known or trusted organization (or person) and entice victims to click on dangerous links or download malicious attachments full of malware. 

Scammers may even pose as Instagram and send an email asking you to change your password, or log in to become verified (this is a popular scam). Their website, however, is completely fake and set up to steal your login information for an account takeover.

Beware of common Instagram phishing scams, such as:

• Bitcoin investment “advice” and special crypto exchanges. 
• Fake Instagram “support” accounts.
• Accounts that claim they can help your account get “verified.” 

💡 Related: The 10 Biggest Instagram Scams Happening Right Now →

Using leaked passwords from data breaches 

Data breaches have leaked billions of usernames and passwords. Instagram, in particular, has had its users’ passwords leaked [*]. 

Once a site like Instagram has been hacked, those emails and passwords end up for sale on the Dark Web, where the average price of a hacked Instagram account is just $45 [*].

Hackers don’t even need your Instagram password to get into your account. Because 65% of people reuse passwords [*], hackers will take leaked username/password combinations and try them on different accounts, including your Instagram account.

Pro tip: Sign up for identity theft protection with Dark Web scanning. Aura constantly monitors the Dark Web for your personal information, including logins, passwords, or even your Social Security number (SSN). If any of your accounts are compromised or if your personal information is leaked, you’ll be alerted so that you can shut down scammers before they can do too much damage. 

Malware that steals your username and password

If you click on a link in a spam email or scam text message, there’s a good chance that your device will get infected with malware. 

This malicious software has a range of abilities — from stealing your personal data to scanning your device for passwords to even spying on every word you type. If your phone has been hacked, scammers can get into your Instagram account.

💡 Related: How Do Hackers Get Passwords? (And How To Stop Them) →

Through third-party apps

Over the years, you may have connected multiple third-party apps with your Instagram profile or Facebook account — and then forgotten about them. Unfortunately, each third-party app poses a potential risk. If hackers attack a third-party app that has weak security, they can get into your Instagram account.

💡 Related: How To Know if Your Phone Is Hacked →

Through a Wi-Fi attack or on public devices

Hackers can intercept your Wi-Fi via a “Man In the Middle Attack” (MitM), which allows them to access details and information from your connected device. They may also be able to discover your password or access your account directly, compromising your Instagram account. This is particularly risky if you’re using public Wi-Fi in a café or airport.

You should also be cautious of logging into Instagram on unfamiliar devices. If you use a public computer or a friend’s phone — and forget to log out — someone else could change your account settings and lock you out. 

💡 Related: What Is Cyber Hygiene? 10 Easy Habits That Will Protect Your Online Accounts →

Was Your Instagram Account Hacked? Do This!

• Update and upgrade your passwords. Change any outdated or reused passwords. Consider using a password manager that helps you create and store unique and complex passwords so that you don’t have to remember them.
• Turn on two-factor authentication (2FA). This can help stop hackers from accessing your account even if they know your password. Any login attempt will need a second form of authentication, such as through your phone or email. 
• Never give up your login or account details. Be wary if you get a direct message about an investment opportunity, a way to get verified, or tech support. Instagram will never ask you for your login information.‍
• Be cautious of “verification scams.” Hackers will pretend to be one of your friends who can’t access their account, and ask to send a 2FA code to your phone. But in reality, they’re trying to hack into your account. Never give out a 2FA code — no matter what the circumstances.‍
• Don’t click on suspicious links. Many Instagram scams and hacks start via private or direct  messaging. A good rule of thumb is to never click on a DM link unless you’re certain it’s safe.‍
• Use antivirus software to protect against malware. If hackers trick you into downloading malware, they can spy on everything you type — including your Instagram password. ‍
• Scan and remove third-party apps and other accounts. Removing third-party apps and accounts tied to your account limits the number of access points to your account. ‍
• Be careful when entering your login details. Scammers will try and phish you by impersonating Instagram officials over email or DM, or linking to fake login sites. Before responding, always make sure any email comes from an official “Instagram.com” email address.‍
• Call or video chat with someone who is contacting you via DM. If you suspect that someone is reaching out to you from a hacked account, initiate a video call to see if it’s really them. You can also reach out to them directly via other communication channels like text, WhatsApp, or Telegram. ‍
• Don’t trust account recovery services. If you’ve publicly posted about your Instagram account being hacked, bots can use that against you. They’ll reach out about a recovery service that will help you “reclaim” your account. Don’t fall for it. ‍
• Sign up for identity theft protection. Your Instagram account can be the gateway to identity theft or even financial fraud. Aura’s all-in-one identity theft and digital security solution keeps your accounts, credit, and finances safe from scammers. And if the worst should happen, you’re covered by a $1,000,000 insurance policy for eligible losses due to identity theft.

The Bottom Line: Keep Instagram Scammers Out of Your Account

Instagram accounts are in high demand, and scammers are targeting the social media service at an increasing rate. 

Many of the cybersecurity steps we recommend to protect yourself can help protect more than just your Instagram account. Practicing online hygiene and basic security steps can help secure your data and prevent dangerous and damaging attacks. If you think you might be at risk, consider signing up for Aura.

Stop scammers in their tracks with Aura — plans start at just $3/month!