Quick Answer

If your Instagram account was hacked, first try "Forgot password?" on the login screen. If your email was changed too, use the "I can't access my account" flow and complete a video selfie verification. At the same time, log out of unknown sessions, enable two factor authentication, and collect evidence. If there is financial loss or a threat, file a criminal complaint with a digital forensics report.

How Was Your Account Taken Over?

Instagram accounts are usually stolen not through a technical "hack" but because the user unknowingly shares their credentials. Knowing the most common methods matters for both recovery and prevention.

Phishing links

This is the most common method. Messages like "Your account will be closed for copyright", "You won a blue tick", or "You won a prize" redirect you to a fake Instagram login page. The domain in the address bar is not instagram.com but a lookalike. The moment you type your username and password there, your credentials go to the attacker. We explained how to spot fake links in our how to recognize a phishing email article.

Fake followers, verification and apps

Third party sites and apps promising "free followers", "who viewed my profile", or "blue tick application" ask for your Instagram login. Once you enter it, your account is taken over. Instagram never asks you to enter your password on a third party site.

SIM swap fraud

Using a fake ID or social engineering, the attacker convinces your mobile operator to move your phone number to their own SIM card. This lets them intercept SMS verification codes and reset your account. Your phone suddenly losing signal can be the first sign of this attack.

Malicious apps and spyware

Apps downloaded from untrusted sources can record your keystrokes or screen to steal your passwords. To check whether your phone has spyware, review the signs in our signs of spyware on your phone article.

Signs Your Account Has Been Compromised

Sometimes the attacker is inside even while you still have access. Watch for these signs:

  • You cannot log in and your password no longer works
  • You received an Instagram notice that your email or phone was changed
  • There are login alerts from unknown devices and locations
  • Your profile info, username, or photo changed
  • There are posts, stories, or DMs you did not send (often crypto or scam ads)
  • The accounts you follow or blocked have changed

Step by Step Account Recovery

Follow this order. If one step fails, move on to the next.

Step 1: Password reset link

On the login screen, tap "Forgot password?". Enter your username, email, or phone number. A reset link or code is sent to the email or number still in your control. This is the fastest path and usually works if the attacker has not yet changed your details.

Step 2: Login link and security code

Use "Get help logging in" on the login screen. Instagram sends a login link or a six digit security code to the email or phone tied to your account. Entering this code can restore your access.

Step 3: "My account was hacked" flow if email changed

If the attacker changed your email, Instagram sends you a notice titled "Was this you?". The "Revert this change" link in that email is very valuable, if you act fast you can cancel the change. So be sure to check the old email account registered with Instagram.

If there is no such link, follow the "I can't access my account" flow and select "My account was hacked".

Step 4: Video selfie verification

If your account has photos showing your face, Instagram asks for a short video selfie where you turn your head in different directions to verify your identity. This footage is for verification only and is not shared on your profile. Record in good light with your face clearly visible. This method is the strongest way to recover an account even without email or phone access.

What If Your Email and Phone Also Changed?

The hardest scenario is when the attacker changes the password, email, and phone. Do not panic, you still have options:

  1. Rely on video selfie verification. If you have photos showing your face, this is Instagram's most trusted method and works independently of contact details.
  2. Submit the request form. Open a support request from Instagram's "my account was hacked" help page and provide the original email or number used when creating the account.
  3. Do not hesitate to repeat the request. The automated system may not succeed on the first try, so try again every few days.
  4. For a business account, try reaching Meta Business support through your ad account.
Scenario First method Backup method
Only password changed Password reset Login link
Email changed "Revert" link (old email) Hacked account flow
Phone changed Password reset (via email) Video selfie
Everything changed Video selfie Support request + retry

Security After Recovery

Recovering the account is only half the job. To stop the attacker from returning, do these right away:

Change your password and end sessions

Set a strong password you have never used before. Then go to Settings > Accounts Center > Password and security > Where you're logged in and log out of every unknown device.

Enable two factor authentication

Turn on two factor authentication (2FA) without fail. Using an authenticator app instead of SMS is safer against SIM swap attacks. Store your backup codes somewhere safe.

Review connected apps and your email

Review the third party apps you granted access and remove any you do not recognize. Also make sure the email account registered with Instagram is secure and protected by 2FA, because if your email is compromised your account is at risk again.

Legal Dimension and Digital Forensics

Having your account taken over can constitute offenses such as "unauthorized access to an information system" and data alteration under Turkish law. If your account was used for fraud, threats, or defamation in your name, the legal process becomes even more important.

Collecting evidence for a complaint

You can file a criminal complaint with the public prosecutor or apply to the police. However, as most people do, simply taking a screenshot is often not enough. Because screenshots can be easily edited, their evidentiary value in court is questionable.

Why a screenshot is not enough

For solid evidence, the traces of the attack (login records, IP information, change timestamps, device details) must be preserved without breaking their integrity, in a verifiable way. This is where digital forensics comes in. A digital forensics expert establishes the chain of custody, proving the evidence was not altered from the moment it was obtained until it is presented in court. We detailed how the process works in our digital forensics process and chain of custody article.

What a digital forensics report provides

A forensic report prepared by an expert sets out, technically and legally, how the attack happened, which devices and connections were used, and the state of your data. This report carries strong evidentiary weight in prosecution and court proceedings.

DSET has been serving in digital forensics and data recovery since 2003 at Ankara Hacettepe Teknokent Beytepe Çankaya. With a 99.4% success rate, we prepare court ready forensic reports for account takeover cases. The first diagnosis is free, and if no data is recovered there is no charge. You can reach our experts at +90 536 662 38 09.

If you experienced a similar issue on a messaging app, our my WhatsApp account was hacked article will also help.

Frequently Asked Questions (FAQ)

How long does it take to recover my Instagram account? If a password reset or login link works, it takes a few minutes. If a video selfie or support request is needed, the process can stretch from a few hours to a few days. Repeating your request often speeds things up.

Can I recover with a video selfie if my photos do not show my face? Video selfie verification works best when the account has photos showing your face. Without face photos, Instagram tries to verify using other details such as the original email or phone used to create the account.

The attacker committed fraud from my account, am I responsible? If you prove with evidence that your account was taken over, your liability toward third parties may change and you are also a victim. That is why a forensic report and a criminal complaint matter. Document the situation as soon as possible.

Can I file a complaint with only a screenshot? You can, but since screenshots are easily altered they are weak on their own. A forensic report obtained with the chain of custody preserved provides a much stronger basis in court.

What should I do so the account is not stolen again? Use a strong, unique password, enable two factor authentication with an authenticator app, end unknown sessions, clean up connected apps, and secure your email account too. Never enter your credentials into suspicious links.

Sources