How to Recover a Hacked Instagram Account: Step-by-Step Guide (2026)

Discovering that someone has taken over your Instagram account is stressful, but knowing how to recover a hacked Instagram account can get you back in control faster than you might expect. Whether the hacker changed your password, swapped your email, or even altered your username, Instagram has built recovery tools specifically for these situations — you just need to know how to use them.

The good news is that in the vast majority of cases, you can recover your account. The process depends on how much the hacker changed, and this guide covers every scenario.

Signs Your Instagram Account Has Been Hacked

Before diving into recovery steps, it helps to confirm that your account has actually been compromised. Here are the clearest indicators:

• You receive an email from Instagram about a login from an unrecognized device or location
• Your email or phone number was changed — Instagram sends a notification to your original email when this happens
• You're suddenly logged out and your password no longer works
• Your followers report receiving strange DMs from your account (crypto scams, phishing links, or "investment opportunities" are the most common)
• Your profile has been altered — new bio, new profile photo, or posts you didn't create
• You see unfamiliar login activity under Settings > Security > Login Activity
• Your linked email address has been changed to one you don't recognize

If any of these apply, act immediately. The faster you respond, the easier recovery tends to be.

Step 1: Check Your Email for a Message from Instagram

This is the single most important first move when you realize your account has been hacked. Instagram automatically sends an email to your original address whenever a change is made to your account — including email changes, password resets, and new device logins.

Look for an email from [email protected] (make sure it's from this exact address and not a phishing email). If the hacker changed your email address, the notification email will include a link that says "revert this change" or "secure your account."

Click that link immediately. This is often the fastest way to undo the hacker's changes and regain access within minutes.

Important: These reversal links expire. If you see the email within the first few hours, the link should still work. If it has been days, you'll need to use the methods described below.

Step 2: Request a Login Link from Instagram

If you can no longer log in with your password and the email reversal link has expired, the next step is to request a login link directly from Instagram.

On iPhone or Android

1. Open the Instagram app and tap "Get help logging in" (Android) or "Forgot password?" (iPhone) on the login screen
2. Enter your username, email address, or phone number associated with the account
3. Tap "Send login link"
4. Check your email or SMS for the link and tap it to log in

On Desktop

1. Go to instagram.com/accounts/password/reset/
2. Enter your username, email, or phone number
3. Click "Send login link"

If the hacker changed both your email and phone number, this method may not work because the link gets sent to the new (hacker-controlled) contact information. In that case, move to Step 3.

Step 3: Use Instagram's Identity Verification Process

When you've been completely locked out — wrong password, changed email, changed phone number — Instagram's identity verification flow is your primary recovery path. This is the method that works even when everything else has been changed.

How to Access It

1. On the Instagram login screen, tap "Forgot password?"
2. Enter your username, email, or phone number
3. Tap "Need more help?" (sometimes labeled "Can't reset your password?")
4. Select "I can't access this email or phone number"
5. Follow the on-screen prompts to begin the identity verification process

What Instagram Will Ask For

Instagram uses different verification methods depending on your account type:

For accounts with photos of you (selfies, face visible):

• Instagram will ask you to record a video selfie — a short video where you turn your head in different directions so they can match your face to photos on the account
• This is the most reliable method and usually results in recovery within 24-48 hours

For accounts without photos of you:

• Instagram will ask you to confirm the original email address or phone number you used to sign up
• You may also be asked about the device you originally created the account on (make/model of phone)
• They may request details about recent activity prior to the hack

For business or creator accounts:

• Additional verification through linked Facebook pages or business documentation may be available

Step 4: Report the Account as Hacked to Instagram

If the standard recovery flow isn't working, you can file a formal report that your account has been hacked. This escalates your case within Instagram's support system.

1. Go to help.instagram.com in your browser
2. Navigate to Privacy and Safety Center > Report Something > Hacked Accounts
3. Alternatively, go directly to instagram.com/hacked/
4. Select the reason that best matches your situation:
   • "My account was hacked"
   • "Someone created an account pretending to be me"
   • "I can't access my email or phone number"
5. Follow the prompts to submit your report

Instagram's response time varies. Simple cases where the video selfie matches are resolved in 24-48 hours. More complex cases — especially those involving accounts with no selfies — can take one to two weeks. In rare cases, it can take longer.

Tips to Speed Up the Process

• Be persistent but patient. Submitting duplicate reports too frequently can slow things down. Wait at least 48 hours between submissions.
• Use the same device you originally used to set up the account — Instagram tracks device IDs, and a recognized device strengthens your claim.
• Respond quickly to any emails from Instagram support. If you don't respond within their window, the case may be closed.

Step 5: Secure Your Account Immediately After Recovery

Getting back into your account is only half the battle. If you don't secure it properly, the hacker can get right back in. Here's what to do the moment you regain access:

Change Your Password

Go to Settings > Security > Password and create a strong, unique password. It should be at least 12 characters, include uppercase and lowercase letters, numbers, and symbols. Do not reuse a password from any other service.

Enable Two-Factor Authentication (2FA)

This is the single most important security measure you can take. With 2FA enabled, logging in requires both your password and a second verification code.

1. Go to Settings > Security > Two-factor authentication
2. Choose your preferred method:
   • Authentication app (recommended) — use Google Authenticator, Authy, or a similar app
   • SMS text message — less secure since phone numbers can be SIM-swapped, but better than nothing
   • WhatsApp — available in some regions
3. Save your backup codes in a secure location (password manager, not a screenshot)

Revoke Suspicious Sessions

Go to Settings > Security > Login Activity and review all active sessions. Tap "Log out" next to any device or location you don't recognize. After doing this, change your password again to invalidate any cached sessions.

Remove Unauthorized Third-Party Apps

Go to Settings > Security > Apps and Websites and revoke access for any apps you didn't authorize. Hackers often install third-party apps to maintain backdoor access even after you change your password.

Check and Restore Your Email and Phone Number

Go to Settings > Account > Personal Information and make sure your email address and phone number are correct. If the hacker changed them, update them to your real information immediately.

Review and Delete Suspicious Content

Check your profile for posts, Stories, or Reels that the hacker created. Delete any spam content. Also check your DMs — hackers often send phishing messages to your followers. You may want to post a Story letting your audience know your account was compromised and to ignore any recent suspicious messages.

How Hackers Get Into Instagram Accounts

Understanding how accounts get compromised helps you prevent it from happening again. These are the most common methods:

• Phishing emails and DMs. The hacker sends a message that looks like it's from Instagram, asking you to "verify your account" or "confirm suspicious activity" through a fake login page. You enter your credentials, and they capture them instantly.
• Data breaches from other services. If you use the same password on Instagram as another site that was breached, hackers can try those credentials across platforms. This is called credential stuffing.
• SIM swapping. The hacker convinces your phone carrier to transfer your number to their SIM card, then uses SMS-based password recovery to take over your account.
• Malicious third-party apps. Apps that promise followers, likes, or analytics sometimes ask for your Instagram login. Once you provide it, they have full access.
• Public Wi-Fi interception. Logging into Instagram on unsecured Wi-Fi networks can expose your session tokens to attackers on the same network.

How to Prevent Your Instagram Account from Being Hacked

Prevention is always easier than recovery. These measures dramatically reduce your risk:

Use a strong, unique password. Your Instagram password should not be used anywhere else. Use a password manager like 1Password, Bitwarden, or iCloud Keychain to generate and store complex passwords.

Enable two-factor authentication with an authenticator app. SMS-based 2FA is vulnerable to SIM swapping. An authenticator app generates codes locally on your device and is significantly more secure.

Never click suspicious links. Instagram will never ask you to confirm your identity through a DM. Official communications come via email from @mail.instagram.com or through in-app notifications. Always check the sender address carefully.

Review login activity regularly. Make it a habit to check Settings > Security > Login Activity every few weeks. Unfamiliar sessions should be logged out immediately.

Keep your email account secure. Your email is the gateway to all your online accounts. If someone compromises your email, they can reset your Instagram password. Enable 2FA on your email account as well.

Be cautious with third-party apps. Only grant account access to apps you genuinely trust. Audit your connected apps regularly and revoke anything you no longer use.

For creators who have invested significant time building their Instagram following, account security is essential. Losing access to an account with thousands of followers can set you back months. Services like SocialzAI require no password or login access to deliver followers and engagement — a sign of a trustworthy growth service that prioritizes your account safety.

What to Do If Instagram Doesn't Respond

In some cases, the automated recovery process stalls. If you've waited more than two weeks without a resolution, here are additional steps:

• Try the recovery process again from the device you originally used to create the account — Instagram tracks device IDs, which strengthens your claim
• Submit a report through Facebook at facebook.com/help, since Meta handles both platforms and cases sometimes resolve faster through this pathway
• Contact Meta Verified support — if you have a Meta Verified subscription, you get direct human support that is significantly faster than the automated queue
• File a complaint with your local data protection authority if you're in the EU (under GDPR) or another region with strong digital privacy laws

Frequently Asked Questions

How long does it take to recover a hacked Instagram account?

Recovery time depends on your situation. If you can use the email reversal link, you can regain access within minutes. The video selfie verification method typically takes 24-48 hours. More complex cases that require manual review by Instagram's support team can take one to two weeks, and in rare cases, longer than a month.

Can I recover my Instagram account if the hacker changed my email and phone number?

Yes. Even if the hacker changed both your email and phone number, you can still recover your account through Instagram's identity verification process. Go to the login screen, tap "Forgot password," then "Need more help," and follow the prompts. Instagram will ask you to verify your identity through a video selfie or by confirming details about your account.

Will I lose my followers if my Instagram account is hacked?

In most cases, no. Once you recover your account, your followers, posts, and all data should be intact. However, if the hacker deleted posts or unfollowed people during the time they had access, those changes may be permanent. Some followers may also have unfollowed your account after seeing spam content posted by the hacker.

Does Instagram have a phone number I can call for hacked accounts?

No. Instagram does not offer phone support for hacked accounts or any other issues. All recovery is handled through the in-app recovery flow, the web-based help center at help.instagram.com, or through email correspondence initiated by Instagram's automated system. The only way to reach a human at Meta is through Meta Verified's paid support channel.

Should I create a new account if I can't recover my hacked one?

Creating a new account should be a last resort. Try all the recovery methods described in this guide first, and give Instagram at least two to three weeks to respond before giving up. If you do create a new account, you can report your old account as impersonating you (since the hacker is using it), which may lead to it being disabled.

How can I tell if an email from Instagram is real or a phishing attempt?

Legitimate emails from Instagram come from addresses ending in @mail.instagram.com. You can also verify by going to Settings > Security > Emails from Instagram in the app, which shows all official emails Instagram has sent you in the past 14 days. Phishing emails often use addresses like "[email protected]" or contain urgent language pressuring you to click immediately. When in doubt, navigate to Instagram directly rather than clicking any email links.