Instagram hacks don’t always start with a dramatic “you’ve been locked out” moment.
More often, it starts with something small: your followers asking why you just sent them a weird link. Your account suddenly following hundreds of random profiles. A post you didn’t write showing up in your feed. Or an email from Instagram saying your login details were changed.
By the time you realize what’s happening, scammers may already be using your account to impersonate you, message your followers, or promote fake giveaways and crypto scams through your profile.
This guide walks you through exactly what to do if your Instagram account has been hacked: how to spot the warning signs, how to regain access, and what to change immediately so it doesn’t happen again.
And if you’re still having trouble at any stage, be sure to visit Instagram’s official recovery tools for additional support.
Signs Your Instagram Account May Be Compromised
Instagram account takeovers don’t always look obvious at first. In many cases, the first signs are subtle changes you didn’t make.
Watch for these red flags:
Password or email changes you didn’t request: You may receive an email saying your account information was updated.
Suspicious login alerts: Notifications about a login attempt, new device, or verification code you didn’t request.
Posts, Stories, or Reels you didn’t publish: Scammers often post crypto promotions, fake giveaways, or sketchy links.
DMs you didn’t send: A common tactic is using your account to message your followers with phishing links.
Your account starts following random accounts: Hackers may use compromised accounts to inflate scam pages or bot networks.
Your profile info has been edited: Name, bio, profile photo, or website links changed without your permission.
If any of these are happening, assume your account is compromised and start recovery steps immediately.
What to Change Immediately If Your Instagram Account Was Hacked
If your Instagram account was hacked, assume your login details may have been stolen.
That means simply getting back into your account isn’t enough, you also need to update the passwords and settings attackers could still use.
Here’s what to change right away:
- Change your Instagram password
- Change the password for the email account connected to Instagram
- Turn on two-factor authentication (2FA)
- Log out of all active sessions/devices
- Remove suspicious third-party apps connected to your account
- Confirm your phone number and email address are correct
- Check Accounts Center and remove linked accounts you don’t recognize
- Update any other accounts that share the same password
If you suspect the hack started through malware or a phishing link, it’s also smart to update passwords for other sensitive accounts tied to your identity, like banking apps, payment apps, or your Apple/Google account.
Using a password manager like McAfee’s can help you create strong, unique passwords for every account, and store them securely in one place.
Step-by-Step: How to Recover a Hacked Instagram Account
Instagram provides several recovery options depending on what information you still have access to (email, phone number, username, or trusted device).
| Step | What to Do | Why It Matters |
| 1. Visit Instagram’s hacked account recovery page | Use Instagram’s official hacked account recovery flow in your browser or app. | This is often the fastest way to secure your account and start recovery. |
| 2. Check your email for security messages from Instagram | Look for messages about password changes or email changes. If Instagram gives you a link to undo the change, use it immediately. | If a hacker changed your email address, this may be your quickest chance to reverse it. |
| 3. Request a login link | Use “Forgot password?” to request a login link sent to your email or phone number. | This can restore access even if your password was changed. |
| 4. Request a security code or additional support | If login links aren’t working, follow Instagram’s prompts to request further help. Use an email address only you can access. | If the attacker changed your contact info, you may need additional verification steps. |
| 5. Complete identity verification if prompted | Instagram may ask you to verify your identity, including submitting a video selfie if your account contains photos of you. | This helps Instagram confirm you’re the real account owner. |
| 6. Change your password immediately after regaining access | Reset your password to something strong and unique. | This cuts off access and helps prevent repeat takeovers. |
| 7. Remove suspicious linked accounts and apps | Check Accounts Center and remove anything unfamiliar. Revoke access for any third-party apps you don’t trust. | Hackers may leave behind access routes to get back in later. |
| 8. Turn on 2FA and login alerts | Enable two-factor authentication and set alerts for new logins. | This makes it much harder for attackers to regain access. |
If you’re still unable to recover your account, visit Instagram’s official support and recovery tools for additional help.
Watch for Phishing “Instagram Support” Scams
One of the most common ways Instagram accounts get hacked is through phishing.
Scammers impersonate:
- Instagram support
- verification teams
- copyright violation notices
- “your account will be deleted” warnings
- fake giveaway collaborations
Their goal is to pressure you into clicking a link and entering your password on a fake login page.
If you receive a suspicious email or DM, don’t click.
Instead, open Instagram directly in the app and check your security settings from there.
If you think you entered your login info into a suspicious link, change your password immediately and secure your account right away.
Final Tips: Recovering From an Instagram Hack
A hacked Instagram account is stressful for a reason: it doesn’t just affect your profile. It affects your followers, your reputation, and your private messages.
The most important steps are:
- Act quickly
- Check your email for Instagram security alerts
- Use Instagram’s official hacked account recovery tools
- Change your password immediately
- Log out of all active sessions
- Remove suspicious apps and linked accounts
- Enable two-factor authentication (2FA)
- Scan your device for malware
McAfee offers a free antivirus scan that can help you detect malware or suspicious programs that may have compromised your account in the first place.
And if you’re still locked out or something doesn’t look right, follow Instagram’s official recovery guidance and contact Instagram support directly.
Frequently Asked Questions
| Q: How do I know if my Instagram account was hacked? A: Common signs include password or email changes you didn’t request, suspicious login alerts, DMs you didn’t send, posts you didn’t publish, or unexpected changes to your profile details. |
| Q: What if my Instagram email address was changed? A: Check your inbox for an email from Instagram about the change. In some cases, Instagram may provide a security link that lets you reverse it. If you can’t undo the change, start the hacked account recovery process as soon as possible. |
| Q: What if I can’t log in at all? A: Use Instagram’s official hacked account recovery tools. Depending on your situation, Instagram may offer login links, security codes, or identity verification options to help you regain access. |
| Q: Should I remove third-party apps after a hack? A: Yes. Some account takeovers happen because an unsafe app was given access. Remove anything you don’t recognize or no longer use. |
| Q: What’s the biggest mistake people make after getting hacked? A: Only changing their Instagram password. If the attacker still has access through your email account, linked accounts, or suspicious third-party apps, they can regain control quickly. |
| Q: Can Instagram ask me to verify my identity? A: Yes. In some cases, Instagram may ask you to confirm ownership through verification steps. This can include submitting additional information or completing a video selfie process. |
Stay Updated
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.
