How do i know if my instagram was hacked
How To Tell If Your Instagram Account Has Been Hacked
Primakov/Shutterstock
By Nor'Adila Hepburn/June 20, 2022 2:11 pm EST
Most Instagram users are not conscious about protecting their information until they fall victim to cybercrime themselves — and by then it is too late. If you are the owner of one or more Instagram accounts, you probably need to be wary as there has been a recent increase in hacking incidents on the platform. It doesn't matter whether you have lots of followers if your account is public or private, any account that is opened can be targeted by hackers.
Out of all the social media apps, Instagram is reported to be the one that is most susceptible to phishing and other online scams (via CodeCondo). Like other apps of its kind, it integrates with other apps and uses cloud storage to save photos and profile information. While this means easy access for users, the company's security measures are no match for sophisticated hackers looking for ways to break into them. Once they are able to hack their way through, the hackers may be able to nab your banking details and other sensitive information.
What are the tell-tale signs?
TY Lim/Shutterstock
The most surefire way to know if you've been hacked is if you are unable to login into your account. In that case, you should take the following steps immediately:
1. Check to see if you received an e-mail from [email protected]
2. When you find the e-mail, look for the "revert this change" button in the message, and select it. Once you click on it you may be able to undo the change (via Instagram).
You can also request a login link, security code, or support from Instagram to resolve your issue. Instagram may ask you to verify your information with a photo, so they know it's actually you.
Another sign that the account is comprised is that your e-mail or registered phone number has been changed.
This is often the first thing that will be changed so that you'll stop getting notifications. You can also check the settings page to see if there are unfamiliar devices logging into your account. If you see strange activity such as unknown messages to other people being sent from your account, subscribing to new accounts, or your account is blocked due to spam complaints, odds are strong that a hacker is controlling your account (via RTE and Consumer Reports).
Sometimes, alerts can come from your connections who've picked up that something is wrong and will let you know that they think you've been hacked.
How to protect yourself
Sergei Elagin/Shutterstock
So, how can you prevent your account from being stolen from right under your nose?
Ortal Levitan, a social media expert, says that hackers will usually send DMs to you from accounts that look exactly like official Instagram accounts.
"These messages state that their account has been violating Instagram guidelines, or they have done something that goes against what Instagram is OK with. But, the main point of these messages is that the sender wants you to click on a (malicious) link," she says in a recent YouTube video. "A lot of people will click on the link without even thinking. And once you click on that link, they can steal all your login info, and can access your account."
Her top advice boils down to two rules: Instagram never DMs anyone and if you get a message in your inbox from someone claiming that they are from Instagram, it's a fraud.
Another way you can protect yourself is to use a more difficult password to enter your account. Also, you can set up Two Factor Authentication which requires you to enter an additional log-in code or confirm your login account through a third-party app like Google Authenticator when logging in to any of your accounts (via Instagram).
Recommended
How to Recover a Hacked Instagram Account [2022 Update]
Are You Locked Out of Your Instagram Account? Don’t Panic!
There are few things as panic-inducing as discovering you've been locked out of your Instagram account.
And I should know.
Earlier this year, my good friend's Instagram account was hacked. Scammers locked him out, reset his password, and started running crypto scams on his followers. It was a nightmare that took weeks to resolve.
Unfortunately, Instagram hacks have increased every year since 2016. Last year alone, there were more than one million cases of social media account takeovers (ATO) — almost double the amount from the year before [*].
A hacked Instagram account is more than an annoyance. If scammers gain access to your account, they can harvest your personal information to use for identity theft, impersonate you and destroy your online reputation, or scam your friends and family — and that’s not even considering the financial losses that could accrue if your company, influencer, or business account is hacked.
If you can’t log into your account or are seeing signs that it’s been hacked, act fast and follow these steps.
Here’s How To Tell If Your Instagram Account Is Hacked
The most obvious sign that your Instagram account has been hacked is that your login and password no longer work. If this is happening to you, a hacker may have gained access to your account and locked you out. You’ll need to follow the steps below to get your Instagram account back.
Sometimes scammers don’t want you to know that they’ve hacked your account. In these cases, there are some telltale signs indicating that someone else has access to your Instagram account:
You receive a password reset email that you didn’t request
If you receive a password reset email that you didn’t request, it means someone else is trying to get into your account. Even worse, it could mean that they’ve hacked your email account and are using it to gain access to your other accounts.
Don’t ignore these emails. Instead, make sure all of your account passwords are updated and secure, and enable two-factor authentication (2FA) with an authenticator app like Google Authenticator wherever possible.
✅ Take action: If your Instagram account has been hacked, your bank account, email, and other online accounts could also be at risk. Try Aura’s identity theft protection free for 14 days to secure your identity against scammers.
Your account email has changed
If you get an email from Instagram saying that your email has been changed, your account is hacked. At this point, a scammer has already gained access to your account and is trying to prevent you from changing your Instagram password to get back in.
You’ll need to deny the change from the original email account associated with your Instagram account.
Pro tip: Make sure that the email change message isn’t a phishing scam. All official Instagram emails should come from [email protected]. Any email coming from a different account is a scam.
You get a “suspicious login attempt” alert
If scammers try to log into your account from a different location, Instagram will flag it as a suspicious login attempt.
To check if someone else is using your Instagram account, log into the Instagram app, then go to Profile > Settings > Security > Login Activity.
Your Login Activity will show you the last few locations from which your account was accessed. If you see anything unfamiliar, press “This Wasn’t Me” and Instagram will log out your account from that device.
If you’re using Instagram on your desktop computer, you can check your Login Activity under Profile > Settings > Login Activity.
Friends and followers are getting strange messages from you
One of the reasons scammers don’t want you to know they’ve hacked your Instagram account is that they want to scam your friends. Instagram hackers will often send messages to your friends with the goal of stealing their login information or getting them to invest in fraudulent crypto schemes.
If your friends reach out and tell you that they’ve received weird messages from you, check your account activity immediately.
Your account is posting and commenting on its own
If you see strange notifications about posts or comments you don’t remember writing, your account is compromised. A scammer is making posts and comments pretending to be you — most likely with the hope of scamming more of your friends and followers.
💡 Related: The Latest Social Media Scams (and How To Avoid Them) →
My Instagram Account Was Hacked! What Should I Do?
If you recognize any of the above warning signs, don’t panic. There are specific steps you can take to recover your account, secure it from hackers, and mitigate the damage done.
But first: If your Instagram account has been hacked, the scammers could use your personal details to log into other services, including your email and online banking.
If you’ve lost access to your Instagram account, make sure to:
- Update passwords on all of your accounts.
Use secure and unique passwords for all of your accounts — especially if you have a habit of reusing passwords. Whenever possible, enable 2FA so hackers can’t get into your account, even if they have your passwords. - Regularly check your credit report and bank statements. Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud.
- Consider signing up for identity theft protection. Aura’s top-rated identity theft protection monitors all of your most sensitive personal information, online accounts, and finances for signs of fraud. If an Instagram scammer tries to access your accounts or finances, Aura can help you take action before it’s too late. Try Aura’s 14-day free trial for immediate protection while you’re most vulnerable.
Now, here’s what to do if your Instagram account was hacked — whether you still have access to it or if a hacker has locked you out.
How to secure a hacked instagram account that you still have access to
If you still have access to your Instagram account, you can usually flush out your attacker if you move fast.
Here are the essential steps to take:
- Check the phone number and email address listed in your account settings. These are the key points of entry that will allow you to reset your password and recover your account. Before you try to change your passwords, go to Settings > Account > Personal information and make sure that a scammer hasn’t changed your email address or phone number.
- Log out of all active Instagram sessions. Go to your Instagram Login Activity, and close all active sessions by selecting the three dots beside each session and choosing “Log out.” Repeat for each listed login session.
This means that you’ll have to log back into Instagram on your phone, iPad/tablet, and computer — but it’s a small price to pay to boot hackers out of your account. - Change your Instagram password. Next, you’ll want to reset your Instagram password under Profile > Settings > Security > Password. Choose a unique and strong password that is at least eight characters long and includes a combination of letters, numbers, and symbols.
- Turn on two-factor authentication (2FA). 2FA is an additional security measure that requires a special one-time-use code along with your password in order to log into your account. This means that even if hackers have your password, they can’t get into your account. For added security, use an authenticator app for 2FA rather than SMS — as scammers can hack or steal your phone and bypass this extra security measure.
- Check your Accounts Center. This is a Facebook setting that allows you to see all your accounts associated with Facebook, Instagram, and WhatsApp. If you see a linked account or other suspicious activity that you don’t recognize, remove it.
- Remove any third-party apps. Hackers may have been able to access your account via third-party apps. Look over the linked third-party apps under Settings > Security > Apps and websites, and remove any apps that you don’t recognize or use.
How to regain access to a hacked instagram account
If a hacker has locked you out of your Instagram account, it’s a much harder issue to resolve. But there are still ways that you can regain access.
Here’s what to do if you’ve been locked out of your Instagram account:
Check your email for a message from Instagram
Instagram will email you if a scammer (or anyone) changes your password or email.
If you didn’t ask for these changes, you can revert to your old password by clicking “revert this change” in the email.
Search for any email sent from [email protected]. Be sure to check your junk and spam folders.
Request a login link
A login link helps verify that you’re the account owner. It is a special link that is sent to your email or phone number. Here’s how to request a login link from Instagram:
- On Android: Open Instagram and select “Get help logging in” and then follow the prompts.
- On iOS: Open Instagram and select “Forgot password?” and then follow the prompts.
If the email associated with your account has been changed, you’ll want to send the login link to your phone. If both your email and phone number have been changed, you’ll have to follow one of the next steps instead.
Request more support or a security link
If you’re locked out of your account, you’ll have to make a special support request to Meta (the parent company of Instagram and Facebook).
Here’s how to request support from Instagram’s login page:
On Android:
- Tap “Get help logging in.”
- Enter your username, email address, or phone number.
- Tap “Need more help?” and then follow the on-screen instructions.
- Select your preferred contact method, and then tap “Send security code.”
- If you don’t receive the code, you’ll need to tap “I can’t access this email or phone number.”
On iOS:
- Tap “Need more help?”
- Select your preferred contact method, and then tap “Send security code.”
- If you don’t receive the code, you’ll need to tap “I can’t access this email or phone number.”
Once you submit your request, you should receive an email from Instagram detailing the next steps to take.
Pro tip: Make sure that you’re using a secure email account to receive login information. If your email account has been hacked, scammers can bypass all of these measures and retain access to your account.
Verify your identity with Instagram
Eventually, you’ll need to verify that you are who you say you are. There are two ways that you can verify your identity to get your hacked Instagram account back.
- If your account doesn’t have photos of you: Instagram will ask for details such as the email address, phone number, and device type (iPhone, iPad, Android, etc.) that you used when signing up for your account.
- If your account does have photos of you: Instagram will ask you to send a video selfie (in which you turn your head at different angles) to confirm you’re a real person. Instagram claims the video is only for verification purposes and will be deleted from their servers within 30 days.
Unfortunately, this entire process can take days, weeks, and sometimes even months. Much of it is automated, meaning you can’t directly contact Instagram if you’re hitting a snag. However, it’s still the best process by which to recover your hacked Instagram account.
So even if it takes time, following these steps is far better than letting a hacker have total control over your account.
✅ Take action: If scammers gain access to your Instagram account, they could break into your online bank account. Try an identity theft protection service to monitor your finances and alert you to fraud.
How Hackers Hack Your Instagram Account (And How To Stop Them)
Once you’ve regained access to your hacked Instagram account, you want to make sure that scammers can’t get back in.
So, how did they hack you in the first place? Here are the most common ways that scammers gain access to your Instagram account:
Phishing attacks that steal your login information
Phishing is a type of attack in which scammers impersonate a known or trusted organization (or person) and entice victims to click on dangerous links or download malicious attachments full of malware.
Scammers may even pose as Instagram and send an email asking you to change your password, or log in to become verified (this is a popular scam). Their website, however, is completely fake and set up to steal your login information for an account takeover.
Beware of common Instagram phishing scams, such as:
- Bitcoin investment “advice” and special crypto exchanges.
- Fake Instagram “support” accounts.
- Accounts that claim they can help your account get “verified.”
Related: The 10 Biggest Instagram Scams Happening Right Now →
Using leaked passwords from data breaches
Data breaches have leaked billions of usernames and passwords. Instagram, in particular, has had its users’ passwords leaked.
Once a site like Instagram has been hacked, those emails and passwords end up for sale on the Dark Web, where the average price of a hacked Instagram account is just $45 [*].
Hackers don’t even need your Instagram password to get into your account. Because 65% of people reuse passwords [*], hackers will take leaked username/password combinations and try them on different accounts, including your Instagram account.
Pro tip: Sign up for identity theft protection with Dark Web scanning. Aura constantly monitors the Dark Web for your personal information, including logins, passwords, or even your Social Security number (SSN). If any of your accounts are compromised or if your personal information is leaked, you’ll be alerted so that you can shut down scammers before they can do too much damage.
Malware that steals your username and password
If you click on a link in a spam email or scam text message, there’s a good chance that your device will get infected with malware.
This malicious software has a range of abilities — from stealing your personal data to scanning your device for passwords to even spying on every word you type. If your phone has been hacked, scammers can get into your Instagram account.
Related: How Do Hackers Get Passwords? (And How To Stop Them) →
Through third-party apps
Over the years, you may have connected multiple third-party apps with your Instagram profile or Facebook account — and then forgotten about them. Unfortunately, each third-party app poses a potential risk. If hackers attack a third-party app that has weak security, they can get into your Instagram account.
Related: How To Know if Your Phone Is Hacked →
Through a Wi-Fi attack or on public devices
Hackers can intercept your Wi-Fi via a “Man In the Middle Attack” (MitM), which allows them to access details and information from your connected device.
They may also be able to discover your password or access your account directly, compromising your Instagram account. This is particularly risky if you’re using public Wi-Fi in a café or airport.
You should also be cautious of logging into Instagram on unfamiliar devices. If you use a public computer or a friend’s phone — and forget to log out — someone else could change your account settings and lock you out.
Related: What Is Cyber Hygiene? 10 Easy Habits That Will Protect Your Online Accounts →
Here's What To Do If Your Instagram Account Gets Hacked
- Update and upgrade your passwords. Change any outdated or reused passwords. Consider using a password manager that helps you create and store unique and complex passwords so that you don’t have to remember them.
- Turn on two-factor authentication (2FA). This can help stop hackers from accessing your account even if they know your password.
Any login attempt will need a second form of authentication, such as through your phone or email. - Never give up your login or account details. Be wary if you get a direct message about an investment opportunity, a way to get verified, or tech support. Instagram will never ask you for your login information.
- Be cautious of “verification scams.” Hackers will pretend to be one of your friends who can’t access their account, and ask to send a 2FA code to your phone. But in reality, they’re trying to hack into your account. Never give out a 2FA code — no matter what the circumstances.
- Don’t click on suspicious links. Many Instagram scams and hacks start via private or direct messaging. A good rule of thumb is to never click on a DM link unless you’re certain it’s safe.
- Use antivirus software to protect against malware.
If hackers trick you into downloading malware, they can spy on everything you type — including your Instagram password. - Scan and remove third-party apps and other accounts. Removing third-party apps and accounts tied to your account limits the number of access points to your account.
- Be careful when entering your login details. Scammers will try and phish you by impersonating Instagram officials over email or DM, or linking to fake login sites. Before responding, always make sure any email comes from an official “Instagram.com” email address.
- Call or video chat with someone who is contacting you via DM. If you suspect that someone is reaching out to you from a hacked account, initiate a video call to see if it’s really them. You can also reach out to them directly via other communication channels like text, WhatsApp, or Telegram.
- Don’t trust account recovery services.
If you’ve publicly posted about your Instagram account being hacked, bots can use that against you. They’ll reach out about a recovery service that will help you “reclaim” your account. Don’t fall for it. - Sign up for identity theft protection. Your Instagram account can be the gateway to identity theft or even financial fraud. Aura’s all-in-one identity theft and digital security solution keeps your accounts, credit, and finances safe from scammers. And if the worst should happen, you’re covered by a $1,000,000 insurance policy for eligible losses due to identity theft.
✅ Take action: Protect yourself from the risks of identity theft and fraud with Aura’s $1,000,000 in identity theft insurance. Try Aura free for 14 days to see if it’s right for you.
The Bottom Line: Keep Instagram Scammers Out of Your Account
Instagram accounts are in high demand, and scammers are targeting the social media service at an increasing rate.
Many of the cybersecurity steps we recommend to protect yourself can help protect more than just your Instagram account. Practicing online hygiene and basic security steps can help secure your data and prevent dangerous and damaging attacks. If you think you might be at risk, consider signing up for Aura.
Stop scammers in their tracks. Try Aura for free for 14 days.
How to understand that you have been hacked and what to do about it
Our accounts in social networks and online services can be compromised, so it is very important to understand the risks and what to do to protect yourself - we have translated an article from Wired dedicated to these issues for you.
The average person is likely to face fewer complex threats than, say, a high-ranking official, activist, or CEO of a company. Public figures may be subject to phishing, which targets sensitive information from corporate networks or steals large sums of money. You, your friends and family are likely to face various other threats, from the revenge of acquaintances, to, more likely, attacks by criminal groups using automated tools for mass collection of credentials.
nine0003
“We all like to think that we are not subject to social engineering or other types of cyber attacks, but the truth is that even smart, conscientious people fall for online scams that can have devastating financial and social consequences,” says Jake Moore, Eset specialist.
Understanding threats is the key to success. Each person has their own pattern of threats to the things that matter most to them. What's important to you may not be as important to others, but there are shared values in the internet space, whether it's Facebook and Netflix or online banking and shopping. If one of your accounts is compromised, the stolen login or financial details may be used. For example, in a scenario where people order takeaway food through hacked personal accounts in Deliveroo. nine0003
While Facebook, Instagram, and other social networks are unlikely to contain your credit card information, there are other risks. Hacked social media accounts can be used to post compromising messages that defame someone, be used to harass or make up your portrait.
If you suspect you've been hacked, here's what to do.
.
Fix unusual behavior
.
The obvious sign that you have been hacked is the changes that have taken place. For example, you can't access your Google account using your regular username and password, or a suspicious purchase has been made on one of your bank accounts. These are pretty clear signs of an account being compromised. It is to be hoped that banks will detect any suspicious payments before things go too far. nine0003
But warning signs may appear before an account is hacked. An account that someone is trying to hack can signal unusual login attempts. For example, Facebook and Google will send emails notifying you of attempts to access your account. This usually happens if someone tried to log in and failed, but alerts can also be sent when someone has successfully logged in from an unfamiliar location.
Nearly every day, a company, app, or website suffers a data breach, from Adobe to Dungeons and Dragons.
Leaks can include phone numbers, passwords, credit card details, and other information. Companies should report hacks to you quickly, but there are third-party services for this, such as Haveibeenpwned and F-Secure identity checker. nine0003
.
Take back control
.
The moment you find out your account has been hacked, the hard work begins. Restoring control of an account can be difficult, depending on who has access to it, and it is likely that it will require the involvement of a large number of people, from administrators to law enforcement.
First of all, you must contact the company that owns your account. Each organization has its own policies, procedures, and instructions for recovering compromised accounts. They can be easily found with an online search. The Facebook account recovery tool is here; Google is here; Netflix is here. nine0003
When recovering a compromised account on the Internet, the recovery instructions will depend on how quickly you regain access.
If you are unable to access, you will most likely be asked for additional information (previous passwords, email addresses, security questions, and more). If a person claims to have accessed your account and sent you a message about it, do not click on the links they send, as this may be a lie in order to gain access to more personal information. nine0003
Company account recovery is the first step in regaining control. You need to make sure that all the apps and software you use (on your phone and desktop) are up to date. Further actions depend on what was compromised. For example, if you can get back into a hacked email account, it's worth checking your settings to make sure they haven't been changed. Because, let's say, the setting to automatically forward all your emails to another account can be enabled. nine0003
You should change the password of the compromised account and any other accounts using the same password and contact anyone who may have been hacked. So, if the messages were sent from your Instagram account or you are forced to create a completely new social media account, it is worth telling friends and family the details of the new page or explain what kind of spam came from you.
If necessary, you can report a break-in to law enforcement, for example, in case of bullying. nine0003
.
Secure everything
The best way to reduce the chance of being hacked is to limit what can be attacked. The better your online hygiene, the less risk you have of being hacked. Although some attacks will always occur, especially from actors with specific targets.
"Information about you is the key to a successful attack, so minimizing your personal data available online will force an attacker to find a less fortunate victim," says Moore. nine0003
If your accounts have been compromised once, you are more likely to be targeted again.
You must think about how much information you actively post on the Internet. “I advise making it difficult to access information about yourself,” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, said earlier. - When you post photos of yourself on Instagram or post on Facebook or tag a location in a post, people can take that information and publish it without your consent.
What people can really say about you is what you have already said about yourself.” nine0003
There are many things you can do to make your accounts more secure. So, you should use a password manager to create and store unique, strong passwords. You shouldn't use the same password on multiple sites, even if you think the risk of being hacked is low.
If you were hacked into one account, you need to look at the other accounts you use: update passwords and check security settings. When you upgrade your accounts, you should use complex verification questions. Only you should know the answers. nine0003
In addition, take a moment to look at the accounts you no longer use. What information is stored there?
Like a password manager, multi-factor authentication (MFA) should be enabled for as many sites and services as possible. This is one of the most effective ways to protect your accounts from hackers. The most common type of MFA is two-factor authentication, which requires something other than a password to log into an account.
Most often this is an SMS message, an authenticator application, etc. A list of websites and applications that support 2FA can be found here. nine0003
For high threat individuals, there are a number of additional steps that can be taken. To increase your privacy and anonymity on the Internet, you can use a VPN, Tor, or Google's advanced security program.
***
Roskomsvoboda also has safety tips — visit the SAFE project page.
Original article
What to do if your Instagram account was hacked?
Take action on the website or app to secure your Instagram account if you think it has been hacked or is being used by someone else. If someone has accessed your account or you're having trouble signing in, visit this page in a browser on your computer or mobile device to help protect your account. nine0003
You can also try to restore access according to the instructions below. Some of the actions listed are not available for all account types, but we recommend trying each one.
Check if you received an email from Instagram
If you received an email from [email protected] informing you that your email address has changed, please try to cancel and secure your account by clicking on the appropriate link. If some other information has changed (for example, the password), and you cannot restore the previous email address, request a login link or Instagram security code. nine0003
Request an Instagram login link
To help us verify that the account belongs to you, request a login link that we will send to your email address or phone number.
To request a login link:
Click Get help signing in (Android) or Forgot your password? (iPhone or browser).
Enter the username, email address, or phone number associated with your account and click Next. If you don't have access to that username, email address, or phone number, enter the login information you last used. Then click Can't reset your password? under the Next button and follow the instructions on the screen.
nine0003
Pass verification to verify you are human (browser only).
Select your email address or phone number, and then click Next.
Follow the login link provided in the email or SMS and follow the instructions on the screen.
Request a security code or support on Instagram
If you are unable to recover your account using the login link, please request support.
To do this, follow the steps below. nine0003
Instagram app for Android
Instagram app for iPhone
Enter a secure email address that only you can access. After submitting your request, expect an email from Instagram with further instructions.
Learn more about what to do if you don't know your username.
Verify your identity
If you request support for an account that does not have a photo of you, you will receive an automatic email response from Meta Support. In order to verify your identity, we will ask you to provide the email address or phone number that you provided during registration, as well as the type of device from which you registered (for example, iPhone, Android device, iPad, etc.
