Have a Hacked Instagram Account? How to Protect Yourself

• The Identity Theft Resource Center (ITRC) saw a 1,044 percent increase in social media account takeover inquiries from 2020 to 2021. In 2022, the number of social media account takeover reports jumped 288 percent over the previous year.
• According to reports to the ITRC, scammers impersonate people their victims know and get their sensitive information. Criminals could also use data from past breaches to hack and spoof accounts.
• To avoid having your Instagram account hacked, use a strong and unique passphrase that you never share with anyone. Also, use two-factor authentication on your account, make sure the email associated with your account is secure, and do not allow access to third-party apps.
• If your Instagram account has already been hacked, follow the steps in Instagram’s Help Center to recover your account. Instagram also created Instagram.com/hacked, a place for people to report and resolve account access issues.
• Instagram says they are testing ways to help prevent hacking before it happens, as well as showing the blue verified badge for verified accounts in more places, so people know they are interacting with an authentic account.
• To learn more about hacked Instagram accounts and what you can do to say safe, contact the ITRC by phone (888.400.5530) or live-chat. Just visit www.idtheftcenter.org to get started.

Hacked Instagram accounts and scams on Instagram have been around for a while. However, the Identity Theft Resource Center (ITRC) began to see a significant rise in social media account takeover victim inquiries, including hacked Instagram accounts, in 2021, continuing throughout 2022. In 2022, the ITRC received four times the number of inquiries compared to 2021, and 40 times more inquiries than in 2020.

What is Happening?

According to reports to the ITRC, scammers impersonate people their victims know and get their personally identifiable information (PII). Some victims find out that they are locked out of their Instagram account and that scammers are posting things in hopes of scamming other people.

Some victims have reported that they did not give their information out to a scammer and that they still had a hacked Instagram account or suffered an account takeover. While people are being targeted in multiple ways to get login information, their account information may also have been accessed using information from breaches that include Facebook login information, particularly if the username and password were never updated.

The ITRC has also seen victims’ Instagram accounts spoofed using the victim’s public pictures. Cybercriminals then follow the same people the victim follows and sends them messages with a scam or malicious link.

The increase in hacked Instagram account cases is no surprise. According to Privacy Affairs Dark Web Price Index for 2022, the cost of a hacked Instagram account on the dark web is $40. For context, the price for a Social Security number does not even register on the list.

What You Can Do to Avoid a Hacked Instagram account

While the demand for hacked Instagram accounts is high, there are things you can do to protect yourself.

• Never share your password or any personal information with anyone else. Right now, scammers are playing on people’s emotions and building trust with their victims, so much trust that some people are turning over their PII. While scammers can be persuasive, passwords, PINS, codes or any other type of sensitive information should never be shared with anyone.
• Make sure your password is strong. Use a 12+ character unique passphrase because it makes it more difficult for hackers to crack your account. Also, passphrases are easier for you to remember.
• Use two-factor authentication (2FA) on your account. 2FA gives you an added layer of security, making it harder for criminals to hack your Instagram account. To use 2FA on Instagram, go to “Settings,” “Security,” and tap “Two-Factor Authentication.” Tap “Get Started” and select either “Authentication App” or “Text Message.” The ITRC recommends you use an authentication app because text messages can be spoofed.
• Make sure the email associated with the account is secure. A secure email account is an account that has security enhancements to offer more protection. If it is not secure, it could make it a lot easier for hackers to access your account and any other accounts associated with that email. It is also a good idea to secure your email with 2FA.
• Don’t download third-party apps within a social media platform. If third-party apps have your information, you may not know where it is being stored or how it is being stored. It is another place for hackers to get their hands on your valuable Instagram account credentials. Only download applications from the recognized application stores from Apple, Google and Microsoft.

What to Do If You Have A Hacked Instagram Account

If you believe your Instagram account has been hacked, there are steps for you to take.

• Visit Instagram’s account support website for hacked accounts. If you cannot log in to your account, enter Instagram.com/Hacked on your device. Next, select if you think you’ve been hacked, forgot your password, lost access to two-factor authentication or if your account has been disabled. From there, you can follow several steps to regain access to your account.
• Verify your identity with two Instagram “friends”. In 2022, Instagram began to test ways for people to ask their friends to confirm their identity to regain access to their account. This option is now available to everyone. Read here for more information.
• Check your email account for a message from Instagram. If you received an email from [email protected] that says your email address was changed, you might be able to undo this change by selecting “revert this change” in that message. If additional information was also changed (like your password), and you’re unable to change back your email address, request a login link or security code from Instagram.
• Request a login link from Instagram. To help Instagram confirm that you own the account, you can request that they send a login link to your email address or phone number. To request a login link:
  • On the login screen, tap “Get help logging in” (Android) or “Forgot password” (iPhone).
  • Enter the username, email address or phone number associated with your account, then tap “Next.” If you don’t know the username, email address or phone number associated with your account, tap “Need more help?” below the “Next” button and follow the on-screen instructions.
  • Select either your email address or phone number, then tap “Send Login Link.”
  • Click the login link in your email or a text message (SMS) and follow the on-screen instructions.
• Request a security code or support from Instagram. If you cannot recover your account with the login link sent to you, you may be able to request support for your hacked Instagram account. For more information on how to do this, visit Instagram’s Help Center for step-by-step instructions.

Instagram’s Next Steps

Instagram continues to work to take steps and make the platform safer. According to Instagram, they are currently testing ways to help prevent hacking before it happens, including sending warnings if an account they suspect may be impersonating a person or business requests to follow you or send a Direct Message (DM). Instagram now also shows the blue verified badge for verified accounts in more places (Stories, DMs, etc.) across the platform, so you know whether or not you are interacting with a legitimate account.

Contact the ITRC

To learn more about hacked Instagram accounts and what you can do to protect the information that a scammer may have access to, contact the ITRC. You can speak with an expert advisor toll-free by phone (888.400.5530) or live-chat on the company website. Just visit www.idtheftcenter.org to get started.

This blog was published on 10/7/21 and was updated on 1/11/23