Scam Message Checker

What to do if your Instagram was hacked

Regaining access fast limits misuse of your Instagram account and protects your followers.

Quick answer

Regaining access fast limits misuse of your Instagram account and protects your followers.

  • Use Instagram's account-recovery and 'my account was hacked' flow
  • Change the password and log out all sessions
  • Enable two-factor authentication
  • Secure the linked email
Most urgent

Do this now

  1. Use Instagram's official account-recovery flow.
  2. Reset the password and enable two-factor authentication.
  3. Warn followers about scam posts/DMs from your account.

Understanding what happened

A hacked Instagram is stressful, especially if it's tied to your livelihood, but the official recovery flow is designed for exactly this. The faster you start it and lock down the linked email, the better your chances of getting back in before the attacker entrenches themselves.

Most takeovers begin with a phishing 'copyright' or 'verify your account' message, or a stolen password reused from another site. Once in, attackers change the email and password, turn your account into a tool for crypto or giveaway scams aimed at your followers, and sometimes demand payment to return it.

Your email account is the real key: if attackers control it, they control password resets everywhere. Secure the email first, then use Instagram's account-recovery and identity-verification steps. Don't pay anyone promising to 'recover' the account - that's a scam targeting victims.

Once you're back in, reset the password, enable two-factor authentication with an authenticator app, review login activity, and remove unknown linked apps and sessions. Warn followers about anything posted in your name so the scam stops spreading through your audience.

First 5 minutes

  1. Use Instagram's account-recovery and 'my account was hacked' flow
  2. Change the password and log out all sessions
  3. Enable two-factor authentication
  4. Secure the linked email

First 24 hours

  1. Warn followers about scam posts or DMs
  2. Remove unknown connected apps
  3. Report the compromise to Instagram
  4. Check recovery email and phone

Next 7 days

  1. Review login activity and linked apps.
  2. Check email for unauthorised changes.
  3. Remove unknown sessions.

What not to do

  • Do not pay anyone who promises to recover your money for an upfront fee
  • Do not act on follow-up messages claiming to be the fraud team
  • Do not delete evidence before saving it

Evidence to save

  • Screenshots of the message and sender details
  • Phone numbers, usernames, links, and account or wallet addresses
  • Transaction references, receipts, and amounts

How to save scam evidence →

How to report

  1. Gather your evidence first (screenshots, dates, amounts, any reference numbers).
  2. Report to your national fraud/cybercrime body and, if money moved, to your bank.
  3. Find the right official links for your country in the reporting directory.

Find official reporting links for your country in the reporting directory.

  • Do not use phone numbers or links from the suspicious message - look up the official ones yourself.
  • Report quickly if money was sent or ID documents were shared; speed improves your options.
  • Keep your evidence - see how to save scam evidence.

Beware of recovery scams: no legitimate service guarantees getting your money back for an upfront fee.

Stop it happening again

Use a unique password and app-based two-factor authentication, and be wary of 'appeal' or 'verification' links in DMs and email.

Review login activity and connected apps periodically, removing anything unfamiliar.

Related scam types

Related red flags

Related terms

This is general safety information, not legal, financial, or cybersecurity incident-response advice.

Still have the message?

Check it to understand the red flags and how to report it.

Check a message

Frequently asked questions

How quickly should I act?

As soon as possible. Fast action - especially contacting your bank - gives the best chance of limiting harm or stopping a payment.

Will I get my money back?

Sometimes, if you act quickly, but there is no guarantee. Be very cautious of anyone who promises guaranteed recovery for an upfront fee - that is a recovery scam.

They changed my email - can I still recover it?

Often yes, via Instagram's official recovery flow, which can verify your identity another way. Act quickly and also secure the email account it was linked to.

Get scam safety updates

Practical scam alerts, new examples, and simple safety tips. No spam. No sensitive message data.

We only collect your email address, optional name, consent status, signup page, and signup time. See our privacy policy.