A pillar guide to recovering a hacked Instagram account, securing email, checking login activity, removing suspicious access, and preventing another takeover.
Last checked: May 19, 2026. Instagram recovery steps may vary by account, country, device, and what the attacker changed. Use the official Instagram Help Center and in-app recovery flows.
Quick answer
If your Instagram account was hacked, secure your email first, use Instagram's official recovery flow, check security emails from Instagram, remove unknown devices and third-party apps, change your password, turn on two-factor authentication, and warn contacts if the attacker sent messages.
Do not pay "account recovery" services in comments, Telegram, WhatsApp, or direct messages. Many target people who are already stressed.
First secure your email
Your email account often controls Instagram recovery. If the attacker can access your email, they may intercept reset messages or undo your changes.
Start here:
- Change your email password.
- Turn on two-factor authentication for email.
- Review signed-in devices.
- Check email forwarding rules and filters.
- Secure the recovery email and phone number.
Then return to Instagram recovery.
Check Instagram security emails
Look for emails from Instagram about changed password, email address, phone number, or login activity. Instagram may include options to secure or reverse certain changes.
Be careful with fake Instagram emails. Do not click links from suspicious messages. You can also check Instagram's in-app security email section if you still have access.
Use official recovery
Use Instagram's official hacked-account help flow. It may ask for your username, email, phone number, device, or identity verification. Follow the instructions carefully and use accurate information.
If you lost access because the email or phone number was changed, the official recovery flow is still the safest route. Random recovery agents cannot magically restore your account and may steal more information.
If you still have access
If you can still open the account, act immediately:
- Change the password.
- Turn on two-factor authentication.
- Review login activity.
- Remove unknown devices.
- Check email and phone number.
- Remove suspicious third-party apps.
- Check linked Facebook/Meta accounts.
- Review recent posts, reels, comments, messages, and bio changes.
Take screenshots if the attacker posted scams or messaged followers.
If you lost access
If you cannot log in, use the app's recovery options and Instagram Help Center. Be patient and repeat the official process if needed. Do not create multiple contradictory recovery attempts with different information unless instructed.
Tell close contacts through another channel that your account may be compromised. Ask them not to send money, click links, share codes, or trust investment offers from your account.
Common signs of compromise
- Password no longer works.
- Email or phone number changed.
- Unknown posts, stories, reels, or ads.
- Messages sent to followers.
- Login alerts from unfamiliar locations.
- Bio changed to crypto, giveaway, or adult content links.
- Two-factor settings changed.
- Connected apps you do not recognize.
If more than one sign appears, assume the attacker had real access.
Protect business and creator accounts
If the account is used for a business, creator brand, school, or community, check every connected admin and collaborator. A takeover can damage reputation quickly because followers may receive fake investment pitches, product links, or brand collaboration messages.
Keep a separate record of page managers, agency users, and approved tools. Remove people who no longer work with you. If the account runs ads, also review payment methods and recent campaign activity.
Prevent another takeover
Use a unique password and store it in a password manager. Turn on two-factor authentication. Avoid login links sent through direct messages. Be careful with fake brand collaboration emails, fake copyright notices, and files claiming to be media kits or contracts.
Creators and business accounts should also control who has admin access through Meta tools and remove old collaborators.
Recovery scam warning
Scammers often reply to hacked-account posts with messages like "contact this expert" or "DM this person, they recovered mine". Treat those as scams. They may ask for payment, ID documents, login codes, or remote access.
Only use Instagram's official recovery and Meta support channels available to your account.
Evidence to save
Save screenshots of suspicious messages, changed profile details, scam posts, payment requests, and login alerts. If money, business ads, identity documents, or harassment are involved, this evidence can help with bank, platform, employer, or law-enforcement reports.
Also save dates and approximate times. A simple timeline helps you explain what changed first, when you lost access, and which followers or customers received scam messages.
FAQ
Can Instagram recover every hacked account?
Not always, but the official recovery process is the safest path. Success depends on what information is available and what the attacker changed.
Should I make a new account?
You can create a temporary account to warn followers, but keep trying official recovery if the original account has value, identity, business, or followers.
What if the hacker changed my username?
Use the official recovery flow with the information you still know: old username, email, phone, device, and identity details requested by Instagram.
Sources
- Instagram hacked account help: help.instagram.com
- Instagram Help Center: help.instagram.com
- CISA Secure Our World: cisa.gov
Before you move on
App account safety. Use this short checklist to turn the article into action.
- Review signed-in devices and remove unknown sessions.
- Turn on stronger sign-in protection for the account.
- Ignore recovery services promoted in comments or direct messages.
This guide is written for practical user safety. For account, platform, or legal decisions, confirm critical steps with the official help center or your service provider.