How to Recover a Hacked Instagram Account: Easy Guide

Direct answer: To recover a hacked Instagram account quickly and securely, the primary method depends on whether you still have access to the original registration email or phone number. If the hacker has changed these recovery details, open your mobile web browser and go to the official support portal at instagram.com/hacked. Indicate that your account was compromised, enter your username, and request a secure verification link. If the hacker has enabled two-factor authentication (2FA) on their own device, tap "Try another way" and select the Video Selfie Verification option. Instagram's identity algorithms will compare the video with the photos uploaded to your profile, sending a password reset link to your new secure email address within 48 hours.

How hackers compromise Instagram accounts: Common entry points

Instagram account hacking is typically carried out using social engineering, phishing campaigns, and leaked database credentials. A common scam involves hackers sending private Direct Messages (DMs) or fake security emails that look like official alerts from Instagram Support. These fake notifications claim that the user has violated copyright policies and will face account suspension unless they log in to verify their data using a provided link.

Once the victim clicks the phishing link, they are redirected to a spoofed page that mirrors Instagram's login interface. When the user enters their credentials, the hacker intercepts the data, logs into the real account, and quickly updates all security settings. This includes changing the email, phone number, and enabling new two-factor authentication (2FA) methods. This blocks the victim from using the standard password recovery tool.

Additionally, attackers often use credential stuffing attacks to gain access. If you reuse the same password across multiple online services and one of those databases suffers a leak, hackers can program bots to test your email and password combination on Instagram. Within seconds, automated scripts can identify valid login paths, access your profile, and execute security resets before you even receive a notification.

If your device runs slowly after interacting with suspicious links or downloading unofficial attachments, check our tips on how to free up space on iPhone. If your phone battery drains fast or the device fails to plug in securely, see our instructions on what to do when your iPhone not charging indicates hardware errors.

How to recover your account using instagram.com/hacked

To help users recover profiles when their contact information has been updated by hackers, Instagram created a unified help page designed for account recovery.

Follow these steps to use the official portal:

1. Open a mobile or desktop web browser and go to https://www.instagram.com/hacked.
2. Select the option "My account was hacked" from the checklist and tap Next.
3. Enter your username, registered email, or phone number in the search field and tap Next.
4. The portal will query its records and show options to send a security code.
5. If you do not recognize the email or phone number listed (because the hacker changed them), tap "Try another way" or "I don't have access to this email/phone number".
6. The app will redirect you to the advanced identity verification flow.

Step-by-Step: Recording a Video Selfie to verify identity

If the hacker changed your recovery info and turned on two-factor authentication, sending a video selfie is the only way to recover your account without access to the original phone number or email.

How the video selfie verification process works:

1. On the password entry screen in the mobile app, tap the "Try another way" link.
2. When prompted with the question: *"Do you have photos of yourself on this account?"*, select "Yes, I have photos of myself on my account". (If your account is a business profile without pictures of you, you will need to submit company documents instead).
3. Enter a new, secure email address that only you can access. Instagram will send a 6-digit confirmation code to this address. Enter the code in the app.
4. Grant the app permission to access your front-facing camera. Position your face in the center of the circular frame on the screen.
5. Follow the prompts on the screen by slowly moving your head up, down, left, and right as indicated by the arrows.
6. Tap Submit to upload the recorded video selfie to Instagram's verification servers.
7. Instagram's support team will review the video selfie. If it matches the photos on your profile, you will receive a secure password reset link at your new email within 48 hours.

If your phone freezes or shuts down while uploading the video file, see our troubleshooting tips on what to do when your iPhone keeps restarting or how to fix an iPhone stuck on black screen to restore stability.

Common reasons why video selfie verifications fail and how to avoid them

While the video selfie verification is highly efficient, many users experience repeated rejections from the automated security filters. To ensure your video selfie is approved on the first attempt, follow these best practices:

• Optimize lighting conditions: Sit in a well-lit room with natural light facing your face. Avoid harsh backlighting or dark shadows, which can obscure your facial features.
• Remove accessories: Take off any hats, sunglasses, heavy makeup, or face coverings that might hide your facial structure from the recognition software.
• Keep steady movements: Move your head slowly and smoothly in the direction of the arrows. Quick or jerky head movements can result in blurred video frames, causing the system to flag the capture as invalid.
• Use high-quality cameras: If your front-facing camera is scratched or dirty, clean the lens before starting. Low-resolution captures are automatically rejected to prevent identity fraud.

How to recover a hacked Instagram Business or Ads account

If the compromised account is an enterprise or business profile with active ads, a hacked account can expose your credit cards to unauthorized ad spend. You must take immediate steps to lock down the accounts.

Follow these steps to recover business profiles:

• Go to the Meta Business Help Center at business.facebook.com/help using a linked personal Facebook account that has admin permissions for the page.
• Look for the live chat button to connect with a Meta Support agent.
• Report the hack, providing your Ad Account ID, page URLs, and screenshots of the email alerts notifying you that you were removed as an administrator.
• Meta Support will open a ticket and pause active ad campaigns to prevent fraudulent charges while they verify your business documents.

Important security checks to perform after account recovery

Once you regain access to your profile, you must secure the account settings to prevent the hacker from logging back in:

1. Remove unauthorized devices: Go to Settings > Accounts Center > Password and Security > Where you're logged in and log out of all unrecognized devices.
2. Change your password: Create a new password with at least 12 characters, combining upper and lowercase letters, numbers, and special symbols.
3. Enable two-factor authentication (2FA): Use authenticator apps like Google Authenticator or Duo Mobile instead of SMS, which protects you from SIM swapping.
4. Revoke third-party apps: Go to the apps and website settings page and remove access for any suspicious or unverified third-party tools.
5. Secure your other messaging apps: If you suspect other apps were compromised, see our guide on how to lock WhatsApp with password to protect your chats, and read our tips on how to recover a hacked WhatsApp account.
6. Verify contact delivery: If your contacts report they cannot see your posts after recovery, check your settings to see if the hacker muted or blocked users. Read our guide on how to know if you are blocked on WhatsApp or see our tips on how to recover a banned WhatsApp account.

The official security alert email from Meta: The recovery link

Whenever an email address linked to an account is updated, Instagram automatically sends an alert to the old email from security@mail.instagram.com. This notification contains a button that says "Secure my account" or "Revert change".

If you click this revert link within the first 24 hours of the change, Instagram will instantly cancel the hacker's new email and restore your original address, allowing you to reset your password and secure your account without having to go through the video selfie process. Make sure to check the sender domain carefully to avoid fake phishing emails sent by scammers.

Legal steps to take if the hacker scams your followers

While the hacker has control of your profile, they may post fake investments or sell fake goods to scam your followers. To protect yourself from legal liability:

• File a police report: File a report for cybercrime or unauthorized computer access with your local police department. Save screenshots of the fake posts or stories created by the hacker to show that you were not in control of the account.
• Warn your contacts on other channels: Use WhatsApp, email, or other social profiles to let friends and clients know your account was hacked and to tell them not to send any money. If your web app fails to open after resolving device settings, see our guide on fixing WhatsApp Web not working.
• Ask followers to report the account: Have your friends search for your profile and tap the report button for impersonation or fraud. A high volume of reports will cause Instagram to temporarily disable the account.
• Check your primary email security: Hackers often gain access to Instagram profiles by compromising the linked email account. Log into your email provider, change your password, and check your email forwarding rules to make sure the hacker is not secretly receiving copies of your emails.

Alternative ways to secure your smartphone's operational integrity

In addition to securing the social app itself, your operating system plays a vital role in preventing hacks. Keeping your smartphone updated with the latest security patches is critical. OS developers patch software vulnerabilities regularly. If you run outdated software, malicious scripts on websites can exploit system backdoors to steal authentication tokens or session cookies. Avoid downloading files from untrusted third-party app stores, which bypass OS checks. Ensuring system-level protection guards your social media profiles and financial applications from unauthorized remote entry.

Conclusion

Recovering a hacked Instagram account is straightforward when you act quickly and use official recovery channels. By utilizing the instagram.com/hacked page, submitting a video selfie, and reporting business scams to Meta Support, you can successfully regain access to your social media profile and secure your digital footprint.

Frequently Asked Questions about Hacked Instagram Accounts (FAQ)