First, ask yourself these two questions:
1) Am I 100% sure I have not forgotten my password?
2) What makes me think I have been hacked?
Some typical signs include:
Blocked access— You can no longer access your account as your username and/or password are different.
Security email from Instagram— You have received an email from [email protected] with a request for an email address change. The email will contain a link that will enable you to "revert the change" or "secure your account". This link MUST be clicked almost immediately once you receive the security email in order to get back control quickly.
Unusual login activity— In your account settings you can view the locations and timestamps of any logins, in addition to the devices used. If you use a VPN, Instagram might register the exit IP address, so confirm it matches the activity location.
High data usage— Like longer screen time, a higher-than-usual data usage can signal an account breach.
Suspicious behavior— Any odd posts/comments/shares sent from your account that you do not recognize can indicate compromise.
Primary Recovery Options
If you have been hacked, and can no longer access your Instagram, there are a few options (all with varying levels of success). The most effective ones are at the top:
Before you do anything, Secure the email account linked to your Instagram. All of the verification emails and login links to recover your account will be sent to this email address, so this is crucial. This means changing/confirming a unique password to your connected email account and enabling Two Factor Authentication.
Video Selfie within the Instagram App (Click link for detailed Instructions)
Depending on your account type, there are two ways Instagram can then verify your identity.
Account with pictures of you: you must submit a video selfie of yourself turning your head in different directions so that it can be compared with pictures you have posted of yourself. The review process make take up to 2 business days, and the video will be deleted within 30 days.
If verified, you will receive an email from Instagram. In the event that you fail to confirm your identity, you will also receive an email inviting you to resubmit a video in the app.
Account without pictures of you:
If you select "No, I do not have pictures of me," you will submit the simple Support Form, and then receive an email asking you to provide the initial email address or phone number as well as the type of device (e.g. iPhone, Android, iPad) you used at the time of sign up.
Once you send them the requested information, you may not hear back right away. If you do not get a response within 3-4 business days, keep re-submitting the same information until you do.
Report an Impersonation Form (Help Center)
You might think this is not effective, but it's actually even better for verifying your identity than the Video Selfie. However, it takes a little longer to review. This is a Top 2 option, for sure. Click Here for the link to the form and a quick tutorial on how to maximize this option.
Request a login link from Instagram. Since the hacker has changed your password, tap on "Forgot Password?" (iOS) or "Get help logging in" (Android). You can choose to have Instagram send a login link to your email address or a security code to your phone number.
If none of your legitimate contact info shows up on the recovery screens (to send a code/link), refer above to the instructions to get to the Video Selfie/Support Form.
Last Resort Options
*If none of the above are working so far, Click Here for a couple of Last Resort/Hail Mary options which have been known to work, but are ultimately less reliable:
If you have been hacked, but can still access your Instagram, immediately:
Secure your email account. First, check for any emails you do not recognize in your sent and trash folders. Then, change your password so that it is both strong and different from your Instagram one.
Change your account password: (Settings⚙️ > Security > Password)
Make it strong and unique, and do not share it with anyone.
Enable two-factor authentication (2FA): (Settings⚙️ > Security > Two-Factor Authentication)
You can do this directly from your account settings. If you already have 2FA activated but you selected WhatsApp or SMS codes, switch the delivery method to a third-party authentication app instead as the hacker may have intercepted the recovery code sent to your phone.
Examine your login requests, remove any signed-in devices you no longer use (or which are connected to a hacker): (Settings⚙️ > Security > Login Activity)
View/Activate Backup codes. (These Backup codes allow you to access your account in the event you are having issues receiving your 2FA login code. Make sure to store them in a safe place.)
Update your Account Contact Information (remove any hacker info): (Settings⚙️ > Account > Personal Information)
Things to keep in mind with Instagram:
You need access to the email address linked to your account, otherwise you will not be able to verify your identity and fully recover your Instagram.
There is no customer service beyond the Help Center. You will not be able to get a hold of a representative and will be urged to consult the Help Center.
Keep a low profile. Do not publicly announce on social media that you have been hacked, as you will make the situation worse by attracting bots and scammers who might want to take advantage of the situation. It is safer to wait until your account has been fully recovered to post about the hack.