
How to Avoid Getting Your Instagram Account Hacked (And What to Do if it Happens)

Julia Cummings Team Buffer

Getting your Instagram account hacked is a serious situation—there’s no guarantee that you can recover a hacked Instagram account. And even if you eventually regain control, the account recovery process is time-consuming and frustrating.

If you use Instagram to promote your business, sell products, and connect with your fans, that could mean going days without access to a crucial social media channel. And since many hackers use the Instagram account to scam other Instagram users, you risk losing the trust of your audience.

It’s crucial to proactively protect your account and know how to take action quickly if hackers slip past your defenses.


Start with a strong password

Your childhood pet’s name paired with an ! and your area code might meet Instagram’s password requirements, but it’s far from a strong password. If your password is easy to remember, it’s probably easy to hack.

Consider using password manager tools such as 1Password and LastPass that auto-generate random, complex passwords and store them in a virtual vault which is protected by encryption and multiple layers of authentication. All that is a techy way to say that your passwords are locked behind (virtual) doors that would make a heist-movie hacker sweat. Password managers are a win-win—you get secure passwords without having to memorize a long stream of gibberish for every app or site you use.
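To put numbers on the difference, here is an added Python example (not from the original article): it compares the guess space of the pet-name pattern above with a password drawn from the operating system's random generator, the way a password manager would. The slot sizes used for the pattern are illustrative assumptions.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def generate_password(length: int = 20) -> str:
    """Draw every character independently from the OS CSPRNG.

    Re-draw until all four character classes appear, so the result passes
    common composition rules; the rejection step barely shrinks the space.
    """
    if length < len(CLASSES):
        raise ValueError("length must be at least 4 to cover four classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def random_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy (upper bound) of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def pattern_bits(*choices_per_slot: int) -> float:
    """Entropy of a password assembled from predictable slots: the total
    number of candidates is just the product of the options per slot."""
    return sum(math.log2(n) for n in choices_per_slot)

# Assumed slot sizes (illustrative, not from the article): a 10,000-entry
# pet-name list, 2 capitalisation variants, 1 symbol ("!"), and 1,000
# possible three-digit area codes.
PET_PATTERN_BITS = pattern_bits(10_000, 2, 1, 1_000)

if __name__ == "__main__":
    print("generated:", generate_password())
    print(f"random 20 chars : {random_bits(20):6.1f} bits")
    print(f"pet + ! + code  : {PET_PATTERN_BITS:6.1f} bits")
```

Each extra bit doubles the number of guesses needed, so the gap between roughly 24 bits and roughly 131 bits is the gap between a short list and a space that cannot be enumerated.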

Use two-factor authentication

Two-factor authentication puts another barrier between hackers and your Instagram account. If anyone gets your password and attempts to log in from an unrecognized device or location, they’ll be asked to verify their identity with an authentication code.

To set up two-factor authentication, open your Instagram profile on mobile or desktop and go to Settings, Security, then Two-Factor Authentication. From there, you can choose either text messages or an authentication app.

To set up two-factor authentication on Instagram, go to Settings > Security > Two-Factor Authentication

Instagram recommends authentication apps such as Google Authenticator or Auth0 because they are designed specifically for this purpose, so they are more secure than text messages. Think of it this way—how many devices have access to your text messages? If you’re an iCloud user, for example, your text messages might pop up on your iPad or laptop as well.

Once you choose an authentication method, the app will also provide several backup codes in case you lose access to your authentication method. Screenshot your backup codes and store them in a secure location such as password-protected cloud storage like Google Drive or Dropbox.

Monitor third-party apps

Third-party access isn’t necessarily a bad thing, but it’s important to keep an eye on which apps are connected to your Instagram account. To check if any third-party apps have access to your Instagram, go to your Instagram Settings, then Security, then Apps and Websites.

To check on third-party apps on Instagram, go to Settings > Security > Apps and Websites

If you use a third-party tool for Instagram analytics or to schedule Instagram posts, this is where you’ll see those connections. When deciding whether or not to keep a connection, ask yourself—is this tool secure on its own, and does this connection help keep my Instagram account secure? For example, a Buffer connection allows you to grant access to analytics and scheduling to multiple people without ever having to share your Instagram password. Plus, Buffer supports two-factor authentication, so your Buffer account is also secure.

Watch out for apps and websites that don’t need regular access to your account. It’s easy to use Instagram to log in to another app or make a purchase and then forget you granted access. Make sure you regularly check to avoid racking up suspicious third-party apps and, when in doubt, revoke access.

Keep in mind that some third-party tools are inherently risky. For example, apps with mass automation such as following/unfollowing accounts are both a security and terms of service risk—Instagram will flag accounts that use mass automation and potentially shut them down.

Learn how to spot phishing messages

Phishing—fraudulent communication designed to trick people into giving up sensitive information—is one of the most common ways of getting an Instagram account hacked.

Phishers slide into your DMs with official-sounding messages. Scammers often pose as an Instagram support account or Instagram copyright help center and try to convince you there is an urgent need to share personal information. Never reply to these messages or click on any links. The Instagram Creators account shared a warning about these types of DMs:

Emails from Instagram, built directly into the app, is only one official way for Instagram to contact you. You can view your emails by going to Settings, then Security, then Emails from Instagram, or check your inbox for emails from

How to recover a hacked Instagram account

If you suspect your Instagram account has been hacked, there are several steps to follow to regain control of your account.

Hackers usually change your password right away, but sometimes you’ll get lucky and still be able to access your account through a saved login. If that’s the case, immediately change your password, and enable all the security precautions we discussed in the previous section.

If you can’t log in, check your inbox for an email from Instagram, which may reach out to you if it detects suspicious activity. When caught early, changes can be reversed.

You can also request a login link from Instagram by selecting “get help logging in” on an Android or “forgot password” on an iPhone. If the login link doesn’t work, you’ll need to request a security code. After that, Instagram will ask you to verify your identity by submitting a photo of yourself holding a paper with the security code written on it.

Sounds pretty complicated, right? Unfortunately, the process is both complex and time-consuming. Instagram also doesn’t guarantee account recovery, which is why we highly recommend being proactive about your Instagram account security.

Instagram management requires good security measures

Don’t put all your hard work at risk with weak passwords or lax security. Set up your security measures early so you can concentrate on creating and sharing great content for your audience.

You and your team can manage your Instagram posts, Stories, and analytics directly in Buffer without putting your Instagram account at risk. Get started today with a 14-day trial.
