If your Instagram account was hacked, acting quickly can improve your chances of getting it back before the attacker changes recovery details or locks you out completely.
This guide explains how to recover a hacked Instagram account using Instagram’s official tools, identity verification steps, and account security checks.
What happens when an Instagram account is hacked?
A hacked Instagram account is one where someone gains unauthorized access and changes your password, email address, phone number, or two-factor authentication settings.
In many cases, the attacker may also send spam, post suspicious content, or use your account to target followers with phishing links.
Common signs include:
- You cannot log in with your usual password.
- You receive alerts about email or phone changes you did not make.
- Your profile picture, bio, or posts change unexpectedly.
- Followers report suspicious messages from your account.
- You are logged out from all devices without warning.
How to recover a hacked Instagram account?
The fastest recovery path depends on whether the attacker changed your login information.
Start with Instagram’s built-in recovery flow, then move to identity verification if needed.
Use a device and network you have used before, since Instagram may trust familiar login patterns.
1. Check for Instagram security emails
If your email inbox is still accessible, search for messages from Instagram about changes to your account.
Look for emails about password resets, email updates, phone number updates, or new logins.
If you see a change you did not authorize, use the “revert this change” or “secure your account” link inside the message if it is still available.
2. Try the login support option
On the Instagram login screen, tap Forgot password? or Get help logging in.
Enter your username, email address, or phone number, then follow the prompts.
If the attacker changed your contact information, choose the option that says you need more help or cannot access this email or phone number.
3. Request a login link or security code
Instagram may send a login link or security code to your email or phone number.
Open the message promptly and verify that it came from an official Instagram domain.
Do not share the code with anyone, even if they claim to be support staff; Instagram never asks for your verification code in direct messages.
4. Use video selfie or identity verification
If your account includes your photos and Instagram needs stronger proof, it may ask for a video selfie.
This process helps confirm that you are a real person and the rightful owner of the account.
In some regions or account situations, Instagram may request other identity information to verify ownership.
5. Submit a hacked account report
If you cannot regain access through the standard login flow, use Instagram’s hacked account reporting path.
Select the option indicating that your account was hacked, then follow the prompts carefully.
Be precise and consistent when entering your username, old email address, old phone number, and any recovery details that still belong to you.
What to do if the hacker changed your email and phone number?
When the attacker replaces your recovery methods, your original email or phone may no longer receive login codes.
In this situation, Instagram’s account recovery flow becomes more important than password reset alone.
Take these steps:
- Check whether Instagram sent a notice that your email address was changed.
- Look for a “revert this change” option in the message if available.
- Use the “need more help” path from the login screen.
- Complete any video selfie or identity verification request.
- Keep trying from the same device you used before the hack.
If your Instagram account was connected to Facebook via Meta Accounts Center, review whether Facebook recovery options can help you regain access to both accounts.
This is especially useful if the attacker compromised one platform but not the other.
How to secure your email and connected accounts first
Your email account is often the key to Instagram recovery.
If the attacker still controls your email, they may reset Instagram again even after you regain access.
Before or immediately after recovery, do the following:
- Change your email password.
- Turn on two-factor authentication for email.
- Review login sessions and sign out unknown devices.
- Check for forwarding rules, filters, or recovery emails added by the attacker.
- Update the password on any other social accounts using the same email.
Also inspect linked services such as Facebook, WhatsApp, and any password manager you use.
Reusing passwords across platforms increases the risk of repeated account takeovers.
How to protect your Instagram account after recovery?
Once you regain access, harden the account immediately so the attacker cannot return.
Instagram provides several security controls that can reduce future risk.
Change your password to a unique one
Create a strong password that you do not use anywhere else.
A long passphrase is often more secure and easier to remember than a short complex password.
Avoid personal details, common words, and reused credentials.
Enable two-factor authentication
Turn on two-factor authentication in Instagram’s security settings.
Authentication apps are generally more secure than SMS codes because they are less vulnerable to SIM swapping and text interception.
If you use SMS, make sure your mobile carrier account is also protected with a strong PIN.
Review login activity
Check the list of devices and locations that have accessed your account.
Log out of sessions you do not recognize.
If you see repeated suspicious logins, assume the attacker may still know part of your access chain, such as your email or phone recovery path.
Remove suspicious third-party apps
Some hacked accounts are linked to fake follower tools, automation services, or unauthorized analytics apps.
Remove any app or website connection you do not trust.
These integrations can expose your account token or login data.
How long does Instagram recovery take?
Recovery time varies based on how quickly you act and whether Instagram requires identity verification.
Simple password resets may take minutes, while hacked account cases involving video selfies or manual review can take longer.
Factors that affect recovery time include:
- Whether the attacker changed your email, phone number, or password.
- Whether you still control the original email account.
- Whether Instagram needs additional proof of identity.
- How accurately you complete the recovery forms.
When should you contact Instagram support through other channels?
Instagram generally routes recovery through its in-app and web-based support flows, but you may also need help from Meta support if your account is tied to business tools, advertising accounts, or a verified business presence.
If the hacked account is used for business, document the compromise quickly and preserve screenshots of suspicious activity, altered emails, and login notices.
Useful evidence can include:
- Original account creation emails.
- Security alerts from Instagram or Meta.
- Screenshots of profile changes or unauthorized posts.
- Payment records tied to ads or subscriptions.
- Any message showing the account was taken over.
What mistakes should you avoid during recovery?
Many account owners make the situation worse by reacting too quickly or trusting fake support messages.
Stay focused on official recovery channels and protect your verification codes.
- Do not pay anyone claiming they can instantly recover the account.
- Do not share one-time codes in direct messages or email.
- Do not click suspicious links in fake Instagram emails.
- Do not repeatedly submit conflicting recovery details.
- Do not ignore your email account security after regaining access.
By following Instagram’s official recovery process, securing your email account, and enabling stronger authentication, you can restore access and reduce the chance of another takeover.