How to recover a hacked Instagram account
If your Instagram account was hacked, act fast. Most recoveries succeed when you secure your email first, then use Instagram’s official recovery options to prove you own the account. This guide covers the correct steps, including what to do if the hacker changed your email, phone number, or password.
Signs your Instagram may be hacked
- Your password no longer works
- Your email/phone on the account was changed
- Posts, stories, or DMs were sent that you didn’t create
- You get emails from Instagram about changes you didn’t request
- You see login alerts from locations/devices you don’t recognize
Step 1: Secure your email first (very important)
Instagram recovery depends on your email. If the hacker controls your email, they can intercept recovery links.
- Change your email password immediately
- Enable 2FA on your email (Gmail/Outlook/Yahoo)
- Check your email “forwarding rules” and remove anything suspicious
- Check “recent activity / devices” and sign out of unknown sessions
Step 2: Check for an Instagram security email and undo the change
If the hacker changed your email address, Instagram often sends a message like “Your email address was changed.” Open that email and look for a link/button such as Revert this change or Secure your account. Use it immediately if available.
Step 3: Use Instagram’s hacked account recovery flow
On the Instagram login screen, tap:
- Forgot password? (Android/iPhone), or
- Get help logging in (some versions)
Then choose the option like:
- My account was hacked, or
- Need more help?
Follow the prompts to request a login link or recovery code to your email/phone. If your email/phone was changed, choose the option that says you no longer have access and continue to identity verification.
Step 4: If asked, complete identity verification (selfie video)
Instagram may request a selfie video to confirm you’re the account owner, especially if you have photos of yourself on the account. Record the selfie exactly as instructed (good lighting, face centered, no filters).
If your account is a business/brand account without your face, Instagram may ask for other verification information (such as email/phone history).
Step 5: If you can log in, kick the hacker out immediately
Once you regain access, do these steps before anything else:
- Change your Instagram password to a strong, unique password
- Turn on 2FA (Authenticator app is best)
- Log out of unknown devices/sessions
- Remove suspicious linked accounts/apps
Step 6: Remove suspicious devices and apps
Logins/devices:
- Instagram Settings → Accounts Center → Password and security → Where you’re logged in
- Log out any device or location you don’t recognize
Third-party apps:
- Settings → Security → Apps and Websites
- Remove anything you don’t trust (followers/likes tools are common attack sources)
Step 7: Undo damage (posts, ads, messages)
- Delete posts/stories you didn’t publish
- Warn followers if scam DMs were sent
- If you ran ads or connected payment info, review those settings immediately
If you don’t get the recovery email/code
- Check spam/junk folders
- Search your inbox for “Instagram” or “security@mail.instagram.com” (if available)
- Try recovery using your username instead of email
- Try the recovery flow again from a different device or network
Common mistakes to avoid
- Don’t pay “recovery agents” or strangers claiming they can get it back
- Don’t share your verification codes with anyone
- Don’t install random APKs or remote-access tools
- Don’t reuse passwords across Instagram and email
How to prevent future hacks
- Use a unique password and a password manager
- Enable 2FA (Authenticator app preferred)
- Avoid “free followers/likes” tools and unknown apps
- Review login activity regularly
- Secure your email account (2FA + remove forwarding rules)
Quick checklist
- Email secured (password + 2FA)
- Instagram recovery flow completed
- Password changed
- 2FA enabled
- Unknown devices logged out
- Suspicious apps removed