Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

Instagram hacked: Everything you need to know

Yesterday you uploaded pictures to your Instagram account and exchanged comments with friends, but now something’s wrong. You try to log in to Instagram as usual – access denied. After a quick search online, you realize that your Instagram account got hacked. In this article, we’ll discuss how to protect your Instagram and avoid falling into cybercriminals’ traps.

Instagram hacked: Everything you need to know

How to know if your Instagram has been hacked

Your Instagram can be hacked. Depending on the source, between 20-25% of all social media accounts can expect to be compromised at some point. That’s why it’s a good idea to understand some of the signs that your Instagram may have been hacked.

  • You can’t log in to your account but you’re 100% sure the credentials are correct.
  • There are images on your account that you haven’t uploaded.
  • You realize you’re following profiles you don’t recognize.
  • Strange activity, such as spam appearing on your feed.
  • Suspicious links sent to your followers via your DMs.
  • Changed details such as your email address and phone number.

What to do if your Instagram account has been hacked

One billion people use Instagram every month, making it a tempting target for any hacker. Criminals will exploit social media privacy issues to get to your account data. So if you notice that something weird is happening to your account, don’t waste time searching “my Instagram was hacked.” Follow these tips to keep your account secure:

  • Change your Instagram password.
  • Enable two-factor authentication for extra security.
  • Report the Account Hacking to Instagram.
  • Check Your Login Activity.
  • Revoke access to any suspicious third-party apps.
  • Make sure your phone number and email address in account settings are correct.
  • Use Instagram Account Recovery. (If you cannot login to your account)

When somebody attempts to change your Instagram password or email, the app will send you a confirmation message. You can revert this change and prevent the attacker from taking over your profile.

To recover your stolen account, tap Get help signing in (Android) or Forgot password? (iOS) on the login screen and follow the instructions. If you’re still unable to recover your account, report the issue to Instagram. Once they contact you, verify your identity.

Check out our brief video on protecting your Instagram account below.

How your Instagram can be hacked

Whether or not your Instagram was hacked, it’s worth understanding some of the ways how this might happen. Unfortunately, we can’t cover every possible attack, but we can share some of the more common or easy-to-prevent cases out there:

  • MITM attacks: When using unsecured Wi-Fi, a man-in-the-middle attack can give an attacked the chance to steal your password or other information you transmit.
  • Bait and switch attack: Be careful if you ever receive a link taking you to an Instagram log-in page. It could be a scammer’s site set up to look like Instagram. When you enter your username and password, they’ll get a hold of them for themselves.
  • Facebook link vulnerability: Many users like to link their Facebook and Instagram accounts, since both apps are owned by Meta. This can be convenient, but it also means that if anyone breaks into your Facebook, they’d gain access to your Instagram as well.

There are too many potential avenues of attack to list them all. Your best bet is to read our blog and educate yourself about cybersecurity threats.

Online security starts with a click.

Stay safe with the world’s leading VPN

How to prevent your Instagram account from being hacked

  1. Avoid connecting to Instagram via Facebook: Many people use Facebook to log in to Instagram and other apps, which is one of the biggest mistakes you can make. If your Facebook credentials get exposed, a hacker can seize all your related accounts in the blink of an eye. Create individual logins for every account you have — this might save you a lot of trouble in the future.
  2. Always use a strong password: A strong password should include letters, numbers, and special characters. For maximum Instagram security, we recommend trying a password manager: it generates strong passwords for you and keeps them secure. And don’t forget to change your passwords from time to time, as this is one of the best practices of cyber hygiene.
  3. Keep your password to yourself: Don’t share your Instagram password with anyone. Even if you trust them, they might make mistakes that will leave you vulnerable without wanting to hurt you.
  4. Monitor your login activity: Instagram sends notifications via email when someone tries to log in to your account from an unexpected location or IP address. You might trigger these warnings when using a VPN, but don’t ignore them. One day, they might clue you in if someone is trying to access your account. That would be a good opportunity to change your password!
  5. Watch out for Instagram phishing: As we mentioned earlier, phishing is a common way for scammers to gain access to people’s accounts. Before entering your Instagram password anywhere, triple-check to make sure that the login link is legitimate. Phishing links can also be used to deliver malware, and NordVPN’s Threat Protection Pro feature can help you here. It will stop you from landing on malicious websites and will also stop malicious ads and trackers. It can protect your from cyber threats before they hit your device.
  6. Don’t talk to strangers: It’s easy to fall for a phishing attack and or a scam on Instagram, so never click on any links received from strangers. If you see that a suspicious account has followed you, block it.
  7. Enable two-factor authentication: Two-factor authentication is an additional step in the login process. Every time you want to access your account, you must type a code you received via SMS or an authentication app. While this might seem like drudgery and may take more time to log in, it’s worth enabling, as it adds an extra layer of security.
  8. Delete your Instagram account: This might not be the right choice for some readers, but if you’re on the fence already, one possible solution is to simply delete your Instagram account. Reducing your security and data footprint is only one reason why some people choose this option.
  9. Make your Instagram private: You can easily make this change from your Instagram “Privacy” settings.
  10. Protect your Instagram data from third-party apps: You can stop third-party apps getting your data from your Instagram “Security” settings.
  11. Avoid viewing Instagram posts on other platforms: Various online articles often contain embedded Instagram videos and pictures. Clicking on these redirects you to the original post. Be careful with those links — hackers sometimes set up fake Instagram login pages to take over your password. If you have a feeling that the website you’re browsing might be shady, don’t click on any links and avoid logging in to your account.
  12. Use a VPN: A VPN encrypts your internet traffic and masks your IP address, providing you with the digital privacy we all need so badly. NordVPN is an easy-to-use app that works across different platforms and protects you from snoopers. It helps to secure your data and avoid man-in-the-middle attacks commonly used to intercept users’ credentials.


Instagram is just as vulnerable as nearly any other site or app we use every day. Therefore, the best defense goes beyond any Instagram-specific defense. Maintain proper device, password, and internet security and your Instagram will remain secure along with everything else you do online. You can get started by downloading NordVPN.

Online security starts with a click.

Stay safe with the world’s leading VPN