Instagram hacked: What to do if someone breaks into your account

Instagram account hacked Google search

If you’re a social media content creator searching for the words “Instagram hacked” or “Instagram account hacked,” you’re probably in a little bit (or a lot) of trouble.

Losing access to your Instagram account can be extremely stressful, especially if you engage your audience daily. Besides losing the ability to control what’s being posted, a hacked Instagram account can put years of work in jeopardy, seriously disrupt in-store purchases as well as sponsorship revenue, and lose you a whole lot of followers. 

At Notch, we specialize in helping Instagram creators protect their accounts and providing insurance for any lost income whenever there’s a security breach - so we understand the severe impact that these events can have. 

In this article, we’ll tell you exactly what to do if your Instagram account gets hacked. We’ll also go over the most common ways hackers target social media creators and provide tips to protect your account from this type of threat. 


What to Do If Your Instagram Account Gets Hacked

Whether it’s phishing or another form of social engineering, cybercriminals use a wide range of techniques to gain unauthorized access to your Instagram account. 

When this occurs, you’ll need to act as quickly as possible to minimize your losses and increase your chances of regaining control swiftly. 

Was your Instagram account hacked? Here are the steps you need to follow:

1. Check Your Email Inbox

In many cases, the first thing that hackers do is attempt to change your login credentials to revoke access to your account. 

When an email address is changed on Instagram, the system sends out an automated message to the old address for security purposes.

You should log into your email and check for this message before going any further. If you’re lucky, you’ll be able to tap on the link within the email that says “revert this change” to regain access to your account. 

2. Request a Login Link

If the link to revert the change has expired or is not available, you can still contact Instagram and request a login link.

On your Instagram app login page, tap on “Get help logging in” (Android) or “Forgot Password?” (iPhone). Then, enter your email address, phone number, or username, then select the method you want to get the login link. 

Check your email or SMS messages (depending on which one you chose) to see if you received a link. It’s important to note that, unless the hacker is very inexperienced, it's unlikely this will work because long-time criminals change these contact details as soon as they’ve hacked an account.

3. Change Login Credentials, If Possible

If any of the two steps above allowed you to successfully log in, the first thing you should do is change your password. 

The most secure approach is to use a password manager.

4. Report the Incident to Instagram and Verify Your Identity

If neither of the first two steps worked, it’s time to reach out to Instagram. More often than not, this is a hopeless process, but photographer Jared Quackenbush shared a method that worked for many victims: reporting the hack while verifying your account with a video recording of your face. 

If you want to submit a video of your face to verify your account, you have to:

  • Go to the Instagram login page and type your username
  • Tap on “Forgot password”
  • Select “Need more help?”
  • Choose the account you want to verify
  • When you get the prompt, choose to receive recovery code via text message
  • The hacker has likely set up 2FA at this point so you’ll be asked for another code
  • On this same screen, tap on “Try Another Way”
  • Tap on “Get Support” and select the optioned labeled “My Account Was Hacked”
  • Select “Yes, I have a photo of myself in my account
  • Type in your email address and tap on “Submit”
  • You should be met with a selfie video recording, so follow the instructions and you’ll get contacted by Instagram within 24 hours (usually occurs right away)

Note that this verification system only works if you’ve posted pictures of yourself recently, and because it’s powered by AI, it has some limitations - for example, if your picture has a filter, it may not recognize you. 

5. Reach Out to Your Instagram Insurance Provider

If you have insurance for your Instagram account (like Notch), the first thing you should do is reach out to your insurance provider (if they haven’t already contacted you), and file a claim. 

Once the claim is processed, you’ll begin receiving daily payouts that cover any losses to your income. At the same time, the insurance company will help recover your account so you can get back to business as soon as possible. 


How Do Cybercriminals Hack Instagram Accounts?

Common tactics used by cybercriminals to hack Instagram accounts include social engineering and phishing methods. Here are three tactics you should be aware of:

The Copyrighting Scheme

In the copywriting scheme, fraudsters impersonate Instagram team members and reach out to Instagramers claiming they’ve violated copyright infringement laws. 

Users are provided with a link to solve the issue. But, instead of going to a legitimate page, users are redirected to a phishing site that collects their username and password data as soon as they attempt to log in. 

The Verified Badge Scheme

Cybercriminals also use the verified badge scheme to gain access to their victims’ accounts. Verified badges appear on accounts that Instagram has reviewed to show that they’re legitimate. 

Unfortunately, hackers are now impersonating Instagram support agents that offer creators the chance to add a verified badge to their accounts. 

As with the copywriting scheme, users are redirected to a fake page that records their login data as soon as it is submitted. 

You might be interested in: 6 ways hackers steal Instagram accounts

Real Time Phishing Schemes

A more sophisticated method hackers use, which lets them bypass Two Factor Authentication (2FA), is referred to as ‘man-in-the-middle’ real time phishing.  

Hackers send emails impersonating a legitimate company - let’s say Instagram - and dupe users into clicking on a proxy server. Unlike the typical scams we mentioned earlier, in this case the hacker-run web page is a mirror image of the legitimate web page, like Instagram’s login page. 

When users click on an online proxy controlled by the hacker, their browser connects to it and forwards the information - like log in details - to the legitimate website that the user believes they’re already on. 

It’s easy to be tricked - the page operated by the hacker is exactly the same as the real log in page, the only difference is a small discrepancy in the URL. 

Instagram will ask the user to provide their 2FA code - which they’ll enter on the hacker’s proxy server. So the user thinks they’ve logged into Instagram without any suspicion, and Instagram also believes the user has logged in. Meanwhile, the hacker has gained access to the account and can now change the login information. 

The key takeaway here is to never be complacent, even with 2FA set up, and to always double check the URL of the website you’re entering sensitive information into. 

6 Tips to Protect Your Instagram Account from Hacks

Hackers can trick even the most vigilant Instagram creators, so it’s vital you do everything possible to limit the chances of this happening to you. Here are 6 of the best security measures we recommend.


Double check links

This is the most common piece of advice victims of Instagram hacks have given in our How I Got Hacked blog series. That's because the majority of hacks are a result of creators clicking on links they receive by email or DM, from hackers impersonating legitimate accounts. The links they include seem legitimate at first glance, but it's crucial to stop yourself from clicking before thinking. Instead of blindly opening up the link, hover over the hyperlink and check the URL. Does it look suspicious? If so, it's better to be safe than sorry. Delete the email.

Use a Password Manager

A common piece of advice to prevent hacks is to strengthen your password. In truth, brute force attacks, in which hackers guess your password, are less of a threat than social engineering or phishing attacks. After a few failed login attempts, Instagram recognizes suspicious activity. 

So while having a strong password can only help, our advice is to use a password manager app. These help protect you against the most prevalent hacker tactic - phishing - while also simplifying the login process. 

A password manager works like a centralized vault that stores all of your login credentials. Instead of remembering each one individually, you only have to provide the master password for the management tool. The password manager then autofills the login details as long as the domain is legitimate, allowing users to log in safely with minimal hassle.

Because password manager apps recognize your known websites, they can help prevent phishing attacks. For instance, if you've been tricked by a hacker impersonating Instagram, and they direct you to a fake lookalike website where they ask for your credentials, the password manager will recognize that this is an unfamiliar URL. As a result, the password manager won't autofill your details, helping you avoid the phishing scam. 

Password managers also provide features like password generators. This feature gives the ultimate level of security because Instagramers can generate secure passwords without knowing what they are and store them in the manager tool right away.

Set Up Two-Factor Authentication

Two-factor authentication is a feature that allows you to add another layer of security to your account. In addition to your password, two-factor authentication requires you to provide a second piece of information in order to access your account from a new device. 

You can obtain the second piece of information through two different channels: either through a third-party authentication app like Google Authenticator or via SMS text message. The idea is that anyone that wants to access your account will need to have your password and your unlocked smartphone at the same time, which is unlikely if it’s not you. 

Having said that, you can still get hacked with a 2FA setup - as influencer Jessica Wenjia found out.

Limit Third-Party Account Access

As an Instagram entrepreneur, you probably leverage a variety of tools to monitor and improve your performance. In a lot of cases, you need to provide access to your account to enjoy the benefits that these platforms provide. 

This can represent an additional risk, especially if you’re working with a provider that doesn’t have a strong security system in place. Providers with weak security are more susceptible to being hacked and jeopardizing all of their partner accounts, including your own. 

Risks involved with third parties don’t stop here. Some cybercriminals are known for crafting fake platforms in order to gain access to their victims’ accounts. These non-existent tools can be so convincing that Instagramers are willing to try them out, which gives cybercriminals exactly what they want. 

To counter this, you need to reduce the number of third-party tools that have access to your account and verify that you only work with reliable providers. The list of partners you can trust includes, but it’s not limited to:

  • Hootsuite
  • Buffer
  • Panoramiq
  • AdEspresso
  • All Adobe platforms
  • VCSO
  • Canva
  • Shopify

Working with trustworthy providers will not only reduce the chances of experiencing a hack via third-party access, but it will also protect the details you collect about your followers. 

Verify Emails by Checking Security Messages on Instagram

A common phishing tactics used by hackers involves impersonating Instagram's official email. But, the good news is that you can now verify all email communications through your Instagram account. 

All legitimate and official emails sent by Instagram will also appear in your profile settings. 

From your Instagram account, go to Settings>Security>Emails.

By monitoring this part of your account, you can keep track of all your security notifications and ensure that all emails you receive are actually from the Instagram team. 

If you received an email that seems to be from Instagram, but there is no corresponding message in your profile’s security section, consider it suspicious and do not engage with it. 

Get covered by Instagram Insurance

You can also protect your account by getting Instagram insurance, like Notch. 

Notch insures Instagram accounts against hacks - meaning, if you get hacked, Notch will pay you every day you’re locked out of your account to cover your revenue loss, for up to 3 months. At the same time, we work to retrieve your account to get you back in business ASAP.

We predict it to become the norm for savvy Instagram creators to insure their accounts against hacks: all businesses need insurance, and Instagram accounts are no different.


Insure your Instagram account with Notch

Get the peace of mind you need to focus on growing your online business.

Get a quote
Starting from $9/mo
CPO and Co-Founder at Notch

Exploring the synthesis between Insurance, Creators, and Digital assets. Writing on product management, web 3.0, Metaverse, and NFT.

Learn More
Insure Your instagram
Get Covered