Instagram: How To Avoid Being Hacked (Our Useful Tips)

OMG, my Instagram has been hacked! Has this ever happened to you? We’re sorry to hear that if the answer is ‘yes’, and read this carefully if it is a ‘no’. Being proactive in terms of Instagram security cannot be overestimated.  

There has been a sharp rise in the number of Instagram accounts that have been hacked since last October. Some accounts are stolen due to personal reasons. For instance, an ex-boyfriend might hack your account in revenge or for spying on you. But more often is the case when cybercriminals hack accounts for stealing and selling your personal data. Hackers may obtain your login and password through a third-party website you used. Since people tend to use the same passwords for a couple of websites, which is why it is highly likely that it will match your Instagram password.       

Besides that, the wider your online presence is or the bigger your audience grows, the more exposed to being hacked and scamming your account becomes. No matter what, your popularity turns you into an easy target.   

Losing control over your Instagram account entails serious risks, especially if you’re using your Instagram account for promoting your business, selling goods and services, and communicating with your audience or fans. Those days without access to your account may result in sales decrease or even reputational damage since scammers often hack accounts to tarnish a company’s reputation. The recovery process can be tiresome and time-consuming and there is no guarantee for success.  

Though there are proactive hacks to protect your account from being hacked.  

– Poor password hygiene opens doors to all your accounts. Make up a strong password. So as not to burden yourself with making up and memorizing those complex passwords you can use a special password management tool to your aid. It generates a random password and stores it in a virtual vault to protect it from hackers. 

– Using two-factor authentication adds an extra layer of security to your account. Even if a scammer gets your password, he will need an authentication code. The two-factor authentication setup is pretty easy. Just open your Instagram account and go to settings. There you can opt for the authentication method as shown below. Besides that, there are authentication apps to add extra security like Google Authenticator, Auth0 or Apple Passwords.  

           – The third-party applications that have access to your account are not necessarily a bad thing. But you are supposed to keep track of the websites your Instagram account is connected to. Be careful of the third-party tools you might be used for scheduling Feed posts or Stories, mass automation, etc. Logging in to third-party websites that do not require regular access to your account using Instagram might not be a good idea as well. You can always check it in your account settings as shown in the picture. 

– Beware of phishing activity. The sneakiest scammers can get into your DM’s trying to pretend Instagram support or Help Center asking to share your sensitive information. Never click the links they provide or reply to those messages. Remember that built-in emails from Instagram are the only way the platform can contact you.  

How to regain control 

If your account has been hacked, there are two possible scenarios. The first one is the most favorable. Sometimes even if you are hacked you can still log in to your account. If that is the case, you need to act fast and change the password immediately and follow the instructions above. 


If you’re facing the worst scenario the first thing you should do is check your email (the email address you used when creating your account). As a rule, the platform sends you a confirmation from [email protected] that your password has been changed. If you did not do it, then secure your account. Do you still remember about phishing? If you received an email notifying you that someone has changed and that wasn’t you, you may click ‘Revert this change’ and eventually log in to your account. Do not forget to change your password afterward.   

The second option is to request a login link from the platform by tapping ‘get help logging in’ on Android or ‘Forgot password’ on iOS and follow the instructions. You will have to provide your email address, username, and phone number. After selecting your email address or phone number click ‘Send login link’.  

          If for some reason it did not work or you cannot access your email address you need to request a security code. After tapping ‘Forgot password’ you need to provide the username or your phone number and click ‘Need more help’ and follow the instructions. Check your email because you are supposed to receive an email from Instagram asking to verify your identity. It might sound a bit complicated but it works. You will have to send a picture or video of you with a sheet of paper with the security code on it.  

The last option and the last resorts are Facebook Support and Live Chat with a Facebook Representative. Facebook is often connected to personal and business Instagram accounts. Facebook chat is intended to help with running ads and Business accounts support. You need to go to Business Help Center. If the Chat button does not pop up, opt for Business Account, and tap Other Page Issue. Those representatives can give you a couple of pieces of advice. Once you have done that all you need to do is just wait a little bit. It might take an hour or a day to get your account back, but do not despair.

To cut a long story short, here are some basic steps you should take: 

  • Enable 2FA. 
  • Always check the email address you receive from Instagram (see above). 
  • Provide strong password consisting of letters and digits or use a password generator app. 
  • Make sure third-party websites are safe (Facebook, posting, and mass following apps). 
  • Connect your account to a valid email address, phone number, and Facebook profile. 
  • Do not mention your email in the Instagram account description. 
  • Keep track of your activity and active sessions. 
  • Ex SM and target managers or Lead generation specialists should be deprived of access to the account. 
  • Hide your ‘online’ status in the settings.  
  • Always change your password if you detect any suspicious activity. 

Did you find it useful? Let us know. You can also subscribe to VAfromEurope weekly digest to get the latest media news or useful hacks. 

Don’t miss our latest updates – subscribe to our newsletter email and get fresh articles to your inbox.