How to hack into my instagram
Instagram Hacked? Here’s How to Recover Your Account
Instagram is crucial for designers, serving as a marketing and networking tool that’s key to landing new clients. So what should you do if you’ve had your Instagram hacked? First, don’t panic—you’re not alone. “I’d say it’s common for the average user to get hacked to some degree in their life,” says Matthew Krull, a social media strategist at design-focused communications agency Novità. “I hear more often than not from my friends and colleagues that they’ve experienced some suspicious activity on their account.” But if you’ve had your Instagram account hacked, it’s important to recover it as quickly as possible. Here are the steps for how to get your Instagram account back, as well as measures you can take to bolster your cybersecurity.
Can you get your Instagram back if it’s been hacked?
The short answer: It depends.
If you’ve had your Instagram hacked, it is possible to get it back, but you need to move fast, so that the hacker can’t compromise your account further. If you act quickly, you might be able to kick out the hacker while they’re in your account and before they’ve changed your info, deleted your photos, or posted to your profile. That way you can save yourself the trouble of having to recover your Instagram account through a Meta support request.
But if the hacker has already gone beyond logging in and potentially changing your password, Instagram account recovery becomes a lot more difficult. Depending on how much damage they’ve done, Instagram may be able to help you recover your account. But brace yourself: If your account has been deleted by a hacker, there might be nothing the Instagram support team can do to recover your account.
How do I get my Instagram account back?
There are two different levels of hacking: One that only changes your password, and another that changes your password and contact info. Here’s how to report a hacked Instagram account, and how to recover your Instagram account as soon as possible.
What to do if a hacker has changed your Instagram password
If you’ve found that your password no longer works, simply follow the steps for setting a new one, as prompted by the login page on the Instagram app. Hopefully, the login link will be sent to your email account or phone number, and you can use a security code to log back in to your account and change your password. This would be the best case scenario, as you can solve the problem yourself without having to contact Instagram. (That said, it’s not a bad idea to contact Instagram customer service anyway and let them know that your Instagram account has been hacked—the company may point out some helpful security tips to keep your account safe in the future.)
You’ve had your Instagram hacked, and the hacker changed your password and contact information. Now what?
Hitting a brick wall at the login screen? Yikes. If you’re locked out of your social media account, and you don’t receive a password reset link when you request one via the Forgot password button, a hacker may have changed your email and phone number.
This is a more common type of hacking, as scammers know you will try to reset your password yourself, and they will want to keep control of the account for themselves. They may even hold your Instagram account for ransom, and request bitcoin or other plunder for you to get it back. If that’s the case, you’ll need to report the activity to Instagram by following the instructions here. They will ask you to verify your identity—you might even have to take a video selfie to prove you are who you say you are. This process likely won’t give you immediate access; it could take days or even weeks to recover your Instagram account.
Can you recover your Instagram account if it has been deleted?
In some cases, hackers might delete all your posts, or they might delete your account entirely. If they’ve deleted some but not all of your account, you might be able to retrieve posts by going into the Your Activity section of your Instagram account and selecting Recently deleted. There, you’ll find posts from the last 30 days as well as stories from the last 24 hours.
You can then restore those images or videos.
But if your account has been totally deleted, you might be out of luck. Instagram itself says, “When you delete your account, your profile, photos, videos, comments, likes, and followers will be permanently removed.” You can create a new account with the same email address you used before, but you may not be able to get the same username.
That said, there is a window in which you can recover your Instagram account. “If someone has deleted your account, you technically have 30 days to contact Instagram to explain that you have been hacked and [ask them] to put your account back up. Instagram claims it stores your data for that long,” says digital marketer Jonathan Simon, director of marketing and communications at the Telfer School of Management at the University of Ottawa. “However, this is a long shot. Once your account is deleted, it is likely gone.”
Interior designer Kristen McGinnis, for instance, was not one of the lucky ones.
Back in 2020, she found that she was logged out of her Instagram account due to suspicious activity—even though her two-factor authentication was enabled. “Instagram’s account retrieval process includes going through identity confirmation. I submitted this well over a dozen times within a month and received zero response,” McGinnis says. “Sadly, I never received any help, only headache and heartache.”
After a month, McGinnis gave up. She started a new Instagram account and used her inaugural post to explain what had happened to her former handle. She then started the arduous process of re-following her former connections, hoping they’d follow her back. Although many of them did, she needed to message others to reintroduce herself. The small silver lining was that her photos were auto-saved to her phone. Still, the mishap had a cost. “I lost a few thousand followers, many of whom I will never get back because I don’t know who to reach out to,” McGinnis says.
Even though no method of account protection is completely fail-safe, staying on top of security best practices can hopefully prevent you from having to rebuild your following.
You can also download your data periodically in order to keep a record of your posts, your followers, and even your comments—that way, if you have your Instagram hacked and eventually need to rebuild your account, you have a head start.
What should you do if you’re locked out of your Instagram account?
For starters, remain calm. Sometimes getting locked out—especially for business accounts—is simply due to an oversight. “For instance, let’s say a social media manager moves on from the company,” says New York– and London-based digital content consultant Charlene C. Lam. “If a transition plan isn’t in place, it may be a while before the remaining team members realize they don’t know the Instagram password.”
To mitigate that risk, keep your Instagram account recovery codes stored in a secure place. These recovery codes will be used to reset two-factor authentication, which will help you get your Instagram account back. They can be found on the Security page of the Instagram app.
Unfortunately, there may be an instance where you’ve been locked out because you were genuinely been hacked by a scammer.
What should you do if you suspect someone is trying to hack your Instagram?
There are a few red flags that may indicate that someone may be trying to hack your Instagram account (or already has). Three big ones: receiving a changed-password email from Instagram that you didn’t trigger yourself, receiving an unprompted email-change request from [email protected], and seeing posts you didn’t make. Here’s how to get help.
What to do if Instagram noticed suspicious activity on your account
If someone attempts to reset your password, Instagram will send you an email informing you of the change. “I take immediate action as soon as I get a notification or email from Instagram letting me know there was suspicious activity on any of the accounts I manage,” Matthew Krull says.
If you receive an email that someone has requested to change your password, and it wasn’t you, someone may be trying to hack your Instagram account.
Report the situation to Instagram via the link in that email, then immediately change your password.
If you received an email from [email protected] asking about changing the email address associated with your Instagram account, but didn’t make that request yourself, click the link in the message that says Secure My Account. If you are unable to get through the login page, the scammer may have changed your password. Don’t lose hope yet—you can still get help by requesting a login link or a security code.
But remain attentive when it comes to these Instagram emails: Some messages that appear to be from Instagram could be phishing attempts or scams from hackers. The good news is that Meta has developed a function to help protect you. If you enter the security section of the Instagram app, you can see what emails Instagram has sent you within the last two weeks. Reviewing that data should help you verify an email’s authenticity.
Keep in mind that other messages, like Instagram DMs and WhatsApp chats, can also contain phishing scams.
Stay alert!
What to do if you noticed suspicious activity on your account
If you notice photos or stories you didn’t post yourself appearing on your page, but you’re still logged in, you’ve probably been hacked on Instagram. You should change your password immediately, as doing so will kick the hacker out of your account. You should also manually log out of any suspicious devices via your login activity page, as well as revoke access from any third-party apps that might have had a security breach and exposed your login information.
How to protect your Instagram account
Hacking isn’t limited to high-profile Instagrammers. “Any account can be a target, because if the hackers are successful, they can use the hacked account to try to get important information like credit card numbers, addresses, and PINs from other unsuspecting users,” Jonathan Simon says.
A strong password is an obvious place to start—and yes, those strings of letters and numbers suggested by Apple’s iOS are pretty safe.
(If you’re concerned about remembering all of your logins, a digital password manager can help.) Still, there are a few additional steps you should take to thwart a potential hacking.
Turn on two-factor authentication
Two-factor authentication requires users to enter a security code from an authentication app or your cell phone via text message (SMS) every time they log in to a new device—and it’s a solid deterrent to scammers. Meta offers this service, and you can set it up via the security page in the app.
Check your login activity
Keep an eye on your login activity, which can also be found under the security section of the app. There, you’ll see all the devices that your Instagram account is currently logged into, plus their geographic locations. If you see suspicious activity here, you can log out of those devices from your current one.
Check which third-party apps have access to your Instagram account
Granting third-party apps access to your account is an easy way to share content across different platforms, but it does come with some level of risk: Hackers can break into those apps and steal your Instagram login info.
Head to your security settings, then click Apps and Websites to see what other apps have access to your Instagram account. Keep an eye out for any big data breaches that might affect those apps—if one happens, you’ll want to change your password immediately.
Enable auto-save
Though this measure won’t necessarily protect your account from hackers, it does give you a chance to save all your photos to your phone in the event you have your Instagram hacked and deleted. In the app, click on Settings, then Account, then Original Photos (iPhone) or Original Posts (Android), and make sure that Save is toggled on.
How Instagram accounts get hacked: 6 tactics used by hackers
How many Instagram accounts get hacked a year?
According to Notch's data, an Instagram creator account gets hacked every 10 minutes on average - meaning over 50,000 creator accounts get hacked every year. The hacking figure for all accounts, not just creator accounts, is much higher.
Every year, cybercriminals generate over $3 billion in revenue from social media attacks alone and hacking constitutes a large portion of these malicious incidents.
To help influencers and business owners protect their Instagram accounts, below we breakdown 6 tactics hackers use to extract personal information and bypass 2-factor authentication.
{{learn-more}}
How do Instagram accounts get hacked?
How do hackers hack Instagram accounts? There are default security features on Instagram, like 2-factor authentication, so how can hackers overcome these?
The general answer to that question is, in most cases, some form of social engineering.
In this context, social engineering refers to the act of manipulating and deceiving Instagram users into willingly providing confidential information.
1. False copyright infringement messages
The tactic
Instagram clearly states that you can only share original content that doesn’t violate copyright infringement laws.
That said, it’s possible for you to commit a copyright violation unintentionally, in which case Instagram would take action and reach out to correct the problem.
This has led to many cybercriminals actually impersonating Instagram representatives pretending to address copyright infringement issues. In these cases, a hacker sends a link to your email or through a private message on Instagram and asks you to log in in order to address the issue. This is a real-life example of a message that was used to hack @wandertears:
You can learn more about this case by checking out this article.
The link leads to a fake page that, even though it mimics Instagram’s login page, is actually designed to collect your username and password details. The only difference between the real page and the fake is a small variation in the URL, which is hard to detect.
To avoid raising suspicion, cybercriminals usually redirect you to one of Instagram’s legitimate FAQ pages that discusses the topic of copyright infringement.
The solution
There’s a couple different methods you can use to verify the messages you receive from Instagram. First, urgent Instagram notifications are usually delivered directly through the account interface or via email. If you receive a DM about your account, it won’t be legitimate - even if it’s from a profile that has the name “Instagram” in the username.
Second, Instagram now allows you to see a record of all security and login emails through your account. If you receive a suspicious email directly to your inbox, you should check this part of your Instagram account before opening the message.
From your profile, go to Security>Emails from Instagram. If you don’t see a record of the email, you should delete it right away.
{{subscribe}}
2. Deceitful verified badge offers
The tactic
You’re probably familiar with verified badges, the blue pins at the top of Instagram profiles that have been authenticated by the social network.
While valuable, this account feature is also at the center of another social engineering that hackers use to break into Instagram.
In this scenario, hackers send a private message or email that offers a chance to add a verified badge, linking to a deceitful website that collects your login information. They may request that you don’t change your profile data, like username or password, until the change has taken effect in order to gain enough time to break into your account.
Here’s an example of a verification badge scam email sent to the owners of pillow business, Cuddle Buddy.
The solution
There are a few tell-tell discrepancies here to help you avoid falling for such a scam. For starters, grammar mistakes like excessive capitalization should serve as a warning. Not only this, but the profile the message is being sent from does not belong to an official account nor does it have a verified account. It has the word “Instagram” in the name, but it doesn’t give any indication of being official.
Finally, note how the “contact us” text on the blue button is not centered properly, so it’s not consistent with other Instagram content.
To get a blue verification badge right now you need to apply through your profile, and the form you have to fill in should look a little something like this:
3. Illegitimate suspicious activity alerts
The tactic
Hackers that employ social engineering attacks leverage every piece of information they have at their disposal. For example, they sometimes design suspicious activity alerts that look like a legitimate notification from Instagram, but actually contain malicious links.
The solution
According to the Meta-owned social platform, emails from Instagram only come from “@mail.instagram.com” or “@facebookmail.com” addresses. Here’s an example of what a legitimate security email from Instagram looks like:
This security message is for a new login from a device that the user didn’t commonly sign in through.
Note how the email address is from a trusted source and how all of the design elements are aligned properly.
Even if the emails you receive look legitimate, we advise that you go to your Instagram account and verify that the security email was sent through there.
4. Fraudulent giveaways and brand sponsorships
The tactic
Fraudulent giveaways are especially troublesome because they exist in an ecosystem that is packed with legitimate promotional freebies. This form of social engineering can take two different shapes.
In its most traditional version, this type of hack operates like a false verified badge attack. The difference is that the hacker impersonates a big brand, exciting start-up, or similar renowned company that’s offering a big giveaway to specific social media influencers.
Some scammers even have legitimate-looking accounts that have been active for a while and have thousands of followers. The first message usually includes at least one spoofed link leading to a false Instagram login that’s designed to extract the username and password submitted.
A more complex form of fraudulent giveaways and sponsorships can occur when hackers have collected information about you, but still need a few more details to successfully breach your account. Instead of sending you a link to a spoofed login page, hackers may ask you to fill in a survey that asks for personal information, like your date of birth, mother’s maiden name, and other answers to common security questions.
Below is a real example of the phishing email that led to @FlipFlopWanderers getting hacked. Read their full story here.
The solution
Never rush or feel pressured into clicking links. Take time to investigate if the email looks legitimate: for instance, check for spelling mistakes and hover over the hyperlink to see if the URL leads to a familiar or safe website. To be extra safe, you could even Google the company supposedly sending the email, and contact them to check if they really did send you an email.
5. Counterfeit social media tools
The tactic
Managing a social media profile can take a huge amount of time, especially if you have a large base of followers.
There are many tools that can simplify the process, but you also have to evaluate each platform to make sure it comes from a legitimate developer.
Just as with malicious web extensions, hackers can create counterfeit tools that are supposed to improve functionality, but actually pose a security threat.
These tools usually look and feel legitimate, but bring you very little in terms of functionality and practical value. This type of scheme is not as common because it requires a significant amount of resources, but it’s still used by cybercriminals looking for bigger, more valuable targets.
When this type of attack is successful, target users integrate the counterfeit tool into their social media accounts. This fake tool can be used to set up man-in-the-middle attacks, intercept all data, and extract login details, among other data.
The solution
It’s normal to watch your budget, especially in the early stages of your Instagram account. But, working with lesser-known, low-cost tools increases the chances of being targeted by scammers.
To avoid this, you should opt for established tools that come from renowned providers or platforms that have been recommended by trusted peers.
6. Reverse proxy attacks
The tactic
All of the social engineering hacking techniques we’ve covered so far require hackers to manually create fake apps and website pages in order to collect details from their targets. With reverse proxy attacks, hackers don’t need to create a spoof website or app - instead they can automate the theft of credentials.
A reverse proxy attack is a type of man-in-the-middle approach - hackers direct victims to a domain that sits in between the user and the legitimate website. The URL will be very similar to the legitimate page, and the overall appearance in the malicious domain mirrors the legitimate page.
When applied to the Instagram context, you could receive a convincing email from a hacker that directs you to Instagram’s login page. What you don’t realize is that you’ve been sent to do this via a proxy server - so when you enter your credentials and log into Instagram, your information - including 2FA - is being intercepted in real time.
The solution
Be extremely cautious when clicking on links from your email inbox - always verify an email claiming to be from Instagram by checking your Instagram account. From your profile, go to Security>Emails - if the email doesn’t appear there, it’s likely a scam.
What Do Hackers Do After Hacking Your Account?
Now that we’ve answered the question “how do hackers steal Instagram accounts?” let's go over the reasons why these criminals may want to target your profile.
Like other types of criminals, hackers and other malicious actors flock to the most popular platforms because these present the biggest financial opportunities. Today, you can generate a significant amount of revenue from a large base of followers and hackers are eager to benefit from this.
Some of the common things a hacker may do once your account is breached include:
- Demand a ransom
- Scam your friends, family members, and customers. Investment, Bitcoin, and Romance scams are some of the most common.
- Sell your account on the dark web
- Use your account to run a fraudulent operation
- Make various types of illegal requests, like requesting lewd photos
Looking for the Best Way to Protect Your Account?
Hackers use a wide range of approaches and develop new techniques regularly to hack Instagram accounts and bypass Instagram’s default security measures. The number of social media scam victims in the US skyrocketed from 46,000 to 95,000 in 2021, and that number shows no signs of slowing down in the future.
Learning about the different techniques that hackers use and implementing security best practices as a counter are the first steps to keeping your Instagram account safe. Unfortunately, however, there is no way to guarantee your account against hacks - even users with multi factor authentication set up are falling victim. That's why we launched Notch - to finally give creators peace of mind.
{{learn-more}}
What to do if your Instagram account could be hacked?
Take action on the website or app to secure your Instagram account if you think it has been hacked or is being used by someone else.
If someone has accessed your account or you're having trouble signing in, visit this page in a browser on your computer or mobile device to help protect your account.
You can also try to restore access according to the instructions below. Some of the actions listed are not available for all account types, but we recommend trying each one.
Check if you received an email from Instagram
If you received an email from [email protected] informing you that your email address has changed, please try to cancel and secure your account by clicking on the link. If some other information has changed (for example, the password), and you cannot restore the previous email address, request a login link or Instagram security code.
Request Instagram login link
To help us verify that the account belongs to you, request a login link, which we will send to your email address or phone number.
To request a login link:
Click Get help signing in (Android) or Forgot your password? (iPhone or browser).
Enter the username, email address, or phone number associated with your account and click Next. If you don't have access to that username, email address, or phone number, enter the login information you last used. Then click Can't reset your password? under the Next button and follow the instructions on the screen.
Pass verification to verify you are human (browser only).
Select your email address or phone number, and then click Next.
Follow the login link provided in the email or SMS and follow the instructions on the screen.
Request a security code or support on Instagram
If you are unable to recover your account using the login link, please request support.
To do this, follow the steps below.
Instagram app for Android
Instagram app for iPhone
Enter a secure email address that only you can access. After submitting your request, expect an email from Instagram with further instructions.
Learn more about what to do if you don't know your username.
Verify your identity
If you request support for an account that does not have a photo of you, you will receive an automatic email response from Meta Support. In order to verify your identity, we will ask you to provide the email address or phone number that you provided during registration, as well as the type of device from which you registered (for example, iPhone, Android device, iPad, etc.).
If you request support for an account that contains a photo of you, we will ask you to take a video selfie of you turning your head in different directions. This way we can verify that you are a real person and confirm your identity.
After sending a video selfie, you will receive an email from Instagram to the email address you provided. With the help of this video, we will be able to verify that you are a real person and verify your identity.
Note. The video you send will never appear on Instagram and will be deleted after 30 days.
If we can't verify your identity using the received video, you can submit a new one for verification.
Note. Instagram does not use facial recognition, and we do not use this technology for video selfies. A video selfie allows us to verify that you are a real person, and we can manually verify it to grant you access to your account.
If you can log into your Instagram account
If you think your account has been hacked or has been attempted to be hacked, but you can log in, check out our security tips:
Change your password or request an email to reset your password.
Enable two-factor authentication.
Make sure you have the correct phone number and email address in your account settings.
Check the Account Center and remove linked accounts that you don't recognize.
Revoke the permissions of all suspicious third-party applications.
How to protect your Instagram account from being hacked
Hello everyone.
I am the marketing manager for Picalytics Instagram analytics and I decided to write an article for marketers and business owners, because in my work I encounter banal non-compliance with safety precautions several times a week.
Let's say you spent time and money promoting your account, fine-tuned your direct sales process, and got loyal customers. In the morning, you open Instagram to launch a promotion and... you can't log in to your account. In this article, you will learn about the “prevention” of hacking and what to do if your account is stolen.
As usual, your account is hijacked
You can register on Instagram through mail, Facebook or by phone number. With access to your smartphone (and therefore Facebook, mail), it is easy to access all the services associated with them. Therefore, they steal accounts through these "entry points".
First of all, check the relevance and security of the services linked to your account.
Then make sure that you have not specified the mail associated with the account in the contact methods.
And one more thing: you don't store access in Google Docs or notes on your smartphone, do you?
In addition to mail and phone theft, the most common hacking option is phishing (gaining access) to the account directly:
1. Cloned phishing
This is the usual copying of mail and official letters from Instagram. In this case, the attacker sends a letter that looks as close as possible to a letter from Instagram - both in interface design and in the sender's address.
The screenshots below show examples of emails from Instagram.
The role address can be different - you need to pay attention to the domain name (the part after @).
This is how a letter from scammers looks like.
Cloned phishing is designed for inattentive people and novice account administrators. Therefore, look both ways when you follow unknown links.
Business stories and useful tips
2. Access through third party applications and services
As a rule, these are photo editors, promotion automation, auto-posting, direct web versions, and so on.
Phishing apps are not tested by Google Play and AppStore. Such services, when registering, request access to an account or imitate authorization through Instagram.
Do not be afraid of authorization in third-party services: some options are not possible without access to the account.
Remember: authorization through Instagram takes place in a new tab on the official website of Instagram.
To check the list of applications that have access to your account, go to the application settings and click "Access Management". You have logged in to these applications through Instagram and can revoke access to your account from them.
If you have lost your smartphone or tablet with access to your account, change the password for Instagram and the service linked to it (mail or Facebook) as soon as possible.
In most cases, small Instagram accounts are hacked to be sold to third parties. On average, such "dead souls" cost $0.3-0.5.
In our experience with Instagram tech support, there is no relationship between account size (or ad budget) and response speed.
For example, after a major advertising campaign, we saw a duplicate account using our trademark (and this is a serious violation) and wrote to technical support. There has been no response from Instagram for three weeks. But there are exceptions to the rule.
How to get your account back after being hacked
Try to react quickly. If you are still you can enter to your account, change the password for linked services (mail and/or Facebook). Then enable two-factor authentication.
If you can't log in to your account over , try resetting your password via mail, Facebook or phone number.
Upon successful login, enable two-factor authentication.
If you do not receive notifications from Instagram when resetting your password and cannot log in via Facebook (if it was connected), then your account was linked to another mail, and also unlinked from Facebook and a phone number (if if they were connected).
In this case, we recommend that you send a request to Instagram support:
- Click "Forgot password".
- Open the account login page in the Instagram mobile app;
- Enter your nickname, email and phone number associated with your account.
Instagram can substitute the number of the SIM card currently in the phone in the phone number field - this is not always the number associated with the account.
By the way, we never received a magic link via SMS, despite the fact that the accounts were linked to a phone number.
If you did not receive a letter to your address or your nickname was changed, repeat the previous paragraph by entering both nickname and mail.
If you can't find your account using your old nickname anymore, look in your inbox for emails from Instagram. Didn't receive any information about the account change? Ask a friend to find out your current nickname through the history of correspondence in direct or from comments previously left on your behalf.
If you succeeded in logging in, change the password for your account and associated services (mail and/or Facebook). Then enable two-factor authentication.
What should I do if the login fails?
1. On the password recovery page, click "Need more help?" and enter all the requested information. Check the box next to "My account has been hacked". Send a request and wait for a response to the specified mail.
2. If you do not receive a response within a few days, repeat the request by checking the box next to "I forgot the mail associated with my account."
What to do with a nickname after being hacked
If you managed to regain access to your account, you can change your nickname to any free one.
Including your old nickname, if it has been changed.
In some cases, the condition for restoring access to the account by Instagram may be a change of nickname. In this situation, we recommend using a nickname that is as close as possible to the previous one: for example, add a dot or underscore.
If your account has been deleted, you can create a new account with the same email address, but you may not be able to use your old username.
Do's and Don'ts
- Offer scammers a reward or agree to buy the account back. Most likely, the account will not be returned or you will be asked to pay extra (and pay a little more).
- Show high activity immediately after the restoration of access to the account.
Conclusion
Hacking an account without the help of its owner is a difficult task. Don't let a moment of inattention deprive you of months of work on your account.
How to insure your account:
- Check the security and relevance of Instagram-related services.
