Instagram is one of the most popular and fastest-growing social media platforms, with roughly 1 billion new members joining the platform between 2020 and 2021, and even more anticipated to join in 2022.
Unfortunately, as more people are using social media platforms, there are also more threats to online security and private information. Whether you use Instagram to share pictures with friends, build a following, or establish a brand for your business, the consequences of your Instagram account being hacked can be substantial.
Here, we’ll explain what hacking is, how to spot it, and what you can do to protect your Instagram account from being compromised in the first place.
How do I know if my Instagram account has been hacked?
When we talk about your Instagram account being hacked (or compromised), we’re referring to your account being accessed by someone who is 1) not you, or 2) not authorized by you to access your account.
The best way to know if your Instagram account has been hacked is if you notice any changes that you didn’t make yourself, such as:
- Posts, stories, or reels that you did not create being uploaded to your account,
- Comments, replies, or reactions from your account that you did not post,
- Messages that you did not send, or message threads with people that you don’t know,
- Or any changes to your account, including name, profile picture, description, username, etc.
In addition to these public changes, changes to your account settings can also be an indicator that your Instagram account has been hacked. These are changes such as updated security settings, added third-party apps, or new phone numbers or email addresses added to your account. Some of these changes can result in you losing access to your account altogether, and not being able to log in.
Instagram may also reach out to you if something looks shady in regards to your account. In some cases, if personal information such as the email attached to your account is changed, you may receive an email notification with the option to revert the change.
How can my Instagram account get hacked?
There are a few ways that unauthorized people can gain access to your Instagram account:
- A data breach exposes your information, either through the platform itself or through a malicious third-party website or app that is linked to your account
- You are targeted by and follow through with a phishing attempt
- Your account password is not secure
In the case of a data breach, it is likely you will be notified, either by Instagram or, if the breach is large enough, through news coverage. In this case, you will need to go through the steps to secure your account regardless of whether or not your compromised information has been used to access your account.
What is phishing?
Phishing is when someone attempts to get you to reveal personal or private information by posing as a trustworthy entity (such as someone from Instagram’s support team) or threatening your account if you don’t do as they ask. Phishing attempts can occur both on Instagram’s platform and through email, and some are easier to spot than others.
If you aren’t sure if a message is verifiable, or you worry you may be a target for a phishing attempt, do not click any links, respond to the message, or reveal any sensitive information. Report the attempt to Instagram by emailing phish@instagram.com.
You can’t defend against every data and security breach, but you can educate yourself about what to look out for and secure your Instagram account with best security practices to be better protected against hackers.
You can’t defend against every data and security breach, but you can educate yourself about what to look out for and secure your Instagram account with best security practices to be better protected against hackers.
The Consequences of Your Instagram Getting Hacked
Instagram is one of the fastest-growing social media platforms, with roughly 2 billion active monthly users. Over 50 billion photos have been posted on the platform to date, and there are over 200 million businesses that use Instagram to reach customers. The platform’s growing popularity is likely attributable to its appeal to younger users, as users aged 18 to 34 make up the largest age group on Instagram.
As one of the most active and growing social media platforms, Instagram’s influence can be significant, as can the consequences if your account is compromised:
- Access to your Instagram account means access to your private information. If someone gains access to your account, they will be able to access sensitive information related to you, including your email address, phone number, payment information, etc.
- If you have many followers on Instagram, so will your hacker. If your account is compromised, this could have an effect on your audience. Hackers with access to your account may attempt phishing or scam attempts through your account, targeting your followers. This could result in more Instagram accounts being compromised.
- More than just your Instagram could be compromised. If your Instagram account is compromised, it’s possible your Facebook account has been compromised as well if the two are linked.
- If you lose access, you may lose your account. If you are locked out for good, either because you no longer have access to your account and cannot recover it or because you don’t have access to the email linked to your account, you may have to abandon your old Instagram account and start over.
- If you use Instagram for branding purposes, a breach could harm your reputation. It may be difficult to recover from the effects of your account being hacked, even if you move quickly, particularly if you are a public figure, have a large following, or utilize Instagram for professional or branding purposes.
What You Can Do When Your Instagram is Hacked
If you suspect that your Instagram account has been hacked, there are steps you can take to recover and secure your account.
The first question to ask yourself is: can you still log into your account?
If the answer is yes, you must immediately change your password.
To do so, sign in to your Instagram account, go to Settings, and click on Changes Password. Enter your old password, and then your new password.
The new password you choose must be secure, meaning that it uses several different uppercase and lowercase letters, numbers, and other symbols, is unique from passwords you use for other websites, is at least 10 characters long, and has not been shared with anyone.
If you can’t sign in to your Instagram account, you will have to follow the steps to recover your account.
Check Your Email
If the email address associated with your Instagram account has been changed, you will receive an email from Instagram confirming that you made this decision. If you are not able to log into your account and fear that you have been hacked, search your inbox for an email from security@mail.instagram.com. If you received an email from this address indicating that your email has been changed, you can choose to revert this change and take the first step to secure your account.
If you have not received an email from Instagram, or if you are not able to regain access to your account through your email, you will have to move on to the next step.
Request a Login Link
If you cannot regain access to your compromised Instagram account, you can request a login link from Instagram to be sent to your email or phone number. To request a login link, click either “Get help logging in” or “Forgot password?” (this language will change depending on whether you access Instagram via an Android or iPhone).
Enter your username, email address, or phone number, and select either your phone number or email address for the login link to be sent to. Click the link and follow the instructions.
Request a Security Code
If the login link does not work and you are still not able to access your Instagram account, you can request a security code. To get a security code, click the “Need more help?” option when going through the steps to request a login link, and then request a security code.
If you do not receive a security code for whatever reason, you will need to verify your identity.
Verify Your Identity
If none of the above steps have helped you regain access to your compromised Instagram account, you will need to verify your identity.
For a personal account or an account with pictures of you included, Instagram will require you to send a video selfie to confirm your identity. Once you have submitted the video, Instagram will determine if this is enough to verify your identity to recover your account. If the video does not verify your identity, you can submit another video.
If your account is a professional account or does not have pictures of you, you will be asked to verify the account by providing the email address or phone number the account was created with and the type of device used at the time of sign up.
How to Secure Your Instagram Account
Once you have regained access to your compromised Instagram account – or if you want to secure your account before you get hacked in the first place – there are steps you will need to follow to secure your account.
1. Review your Account’s Devices
In your Settings on Instagram, you are able to see which devices are logged into your account. To review these devices, go to your Settings and click on Login Activity.
Make sure that you recognize all of these devices, and log out of any devices that you no longer use or do not recognize, particularly if your account has recently been compromised. To maintain your account security, check the logged-in devices regularly to make sure no one has unauthroized access to your account.
2. Turn on Two-Factor Authentication
Two-factor authentication is one of the best ways to protect your Instagram account. Two-factor authentication requires you to verify account logins on multiple devices, meaning if you log into your account on a new device, you will have to verify this login on a secure device, such as your cell phone. Thus, hackers attempting to access your account will not be able to without access to your phone or authentication app, making it much harder for your account to be compromised.
3. Review and Revoke Third-Party Access
As stated earlier, malicious third-party apps or websites can be the source of a breach to your Instagram account, so following a breach – or before a breach has happened – check the apps that have access to your account and revoke access to any that you 1) do not recognize, 2) do not trust, or 3) no longer use.
4. Use Best Practices When it Comes to Your Password
Obviously, if any of your accounts are hacked, you should change your password to a new, secure, unique password as quickly as possible.
But even if your account has not been compromised, you should be sure to practice good habits when it comes to your passwords:
- Change your password regularly,
- Do not reuse passwords, or use the same password for multiple accounts,
- And never share your password with anyone.
Regularly changing your password may seem like a bit too much maintenance, but by keeping your passwords as strong as possible, you will have the best chance of protecting your account from being hacked.
5. Pay Attention to Your Account
If your account has been compromised, changes that you didn’t make will be one of your best tip-offs. The more aware you are of your account, the more likely you are to notice a change.
Regularly check your security updates, emails from Instagram, authorized devices, and public posts to stay up-to-date on suspicious activity, and check in with messages, comments, followers, or any other aspects of your account where changes may indicate someone has accessed your account.