Updated on April 11, 2024.
Instagram is a common target for malicious hackers. There were over one million social media account takeovers in 2022, and the most affected accounts were on Instagram. To prevent your Instagram from getting hacked, you should follow cybersecurity best practices such as setting a strong password, enabling Multi-Factor Authentication (MFA) and adding a backup email.
You may wonder why someone would want to hack your Instagram account. The most common reasons people hack Instagram accounts are to steal your personal information, distribute spam, scam your followers, or enact personal revenge or harassment.
Continue reading to learn how Instagram accounts get hacked, plus eight tips that can prevent your Instagram from getting hacked.
How do Instagram accounts get hacked?
To know how to prevent your Instagram account from getting hacked, you have to know how Instagram accounts get hacked in the first place. Here are some of the most common ways.
Weak credentials
Even though using strong passwords to protect your online accounts is strongly encouraged, many people still choose to use weak passwords. Cybercriminals can easily crack or guess these weak passwords, placing your accounts at a greater risk of compromise.
Public data breach
Public data breaches occur when a company experiences a data breach and sensitive information is exposed. Companies often store employee and customer data such as email addresses, credit card numbers and credentials. If your credentials are exposed due to a public data breach and you reuse your password across multiple accounts, cybercriminals could use that single password to access all of your other accounts that also use it, like your Instagram.
Falling for a phishing scam
A cybercriminal’s goal with phishing scams is to trick victims into disclosing their personal information by pretending to be someone they’re not and displaying a sense of urgency. For example, if you are targeted with an Instagram phishing attack, the cybercriminal may contact you pretending to be an Instagram representative and claim you need to log in to your account for some “urgent” reason. The message will contain a link to a spoofed website, which pretends to be the real Instagram page.
If you fall for the scam and enter your credentials into the fake log-in form, it sends your credentials straight to the cybercriminal. Once the bad actor takes your credentials, they can use them to access your account for malicious purposes.
Tips to prevent your Instagram from getting hacked
Here are eight tips to prevent your Instagram from getting hacked.
1. Use a strong, unique password
Using a strong password for your Instagram is important to protect your account from hacking attempts. Weak passwords are one of the most common ways that accounts get compromised. A strong password is at least 16 characters long with a random combination of uppercase and lowercase letters, numbers and symbols, and is not reused across any other accounts. This is because reused passwords make you vulnerable to credential-stuffing attacks, in which a cybercriminal uses one compromised password to get into multiple other accounts.
If you’re having trouble remembering your passwords, you should use a password manager, which will remember all your passwords for you by storing them in a secure digital vault. It will also generate strong passwords and autofill them, making it quick and easy to log in to your Instagram and other accounts.
2. Enable multi-factor authentication
Multi-Factor Authentication (MFA) is an extra verification step in addition to your username and password that protects your account. It helps protect your account if your password is compromised because a cybercriminal could not gain access without this second method of verification. Cybersecurity experts recommend enabling MFA for every account, especially accounts prone to getting hacked, like Instagram accounts.
Instagram offers a few different options for MFA:
MFA Option | How it Works |
---|---|
Time-Based One-Time Password (TOTP) | A TOTP is received through an authenticator app, such as Google Authenticator or a password manager with an authenticator feature. Most authenticator apps are free to use. After setting it up, the authenticator will display a 6-digit code which changes every 30-60 seconds. When you log in, you enter the code along with your credentials to verify your identity. TOTP is the most secure MFA option for Instagram, and it’s also the quickest for logging in. |
SMS Text | Choosing SMS text will require you to enter a phone number you’d like to use to receive text messages. Then, when you make a log-in attempt, you will be sent a code via text. You enter the code to verify your identity. If you choose the SMS option, in some countries you can choose to receive the message on your WhatsApp account instead of through your mobile phone number. |
TOTP is the most secure option for MFA on Instagram because it is the least vulnerable to interception by cybercriminals. SMS text, on the other hand, can be intercepted with a method called SIM swapping. However, you should use any kind of MFA that is available because any type of MFA is better than none at all.
How to set up MFA for your Instagram
Here are the steps to enable MFA on your Instagram account.
- Tap your profile picture
- Select the menu icon
- Go to Settings and privacy
- Tap Accounts Center
- Tap Password and security
- Tap Two-factor authentication
- Tap either Authentication app or Text message (SMS)
- Follow the instructions to set either option up on your phone.
3. Select how to receive “login alerts”
Login alerts are an important feature that lets you know if someone has logged in to your account from another device. Instagram can send you these notifications either in the app or by email. Be sure to set up the notifications to be sent to where you are most likely to see them right away. That way, if someone does log in to your account, you can take action immediately.
How to set up how you receive login alerts
- Tap your profile picture
- Select the menu icon
- Go to Settings and privacy
- Tap Accounts Center
- Tap Login alerts
- Select your preferred method of contact.
4. Keep your phone number and email updated
Your phone number and email address are important contact information that is used for account recovery and to notify you of any security issues. Be sure to keep this information current.
How to change your contact information
If your phone number or email changes, here’s how to update it in your account.
- Tap your profile picture
- Select the menu icon
- Go to Settings and activity
- Tap Accounts Center
- Tap Personal details
- Tap Add new contact
- To delete your old contact information, tap which one you want to delete and then select Delete
5. Check third-party apps in your security settings
Sometimes, you may connect third-party apps and websites to your Instagram account to log in to other websites or do other activities. However, to keep your data secure, you should only give third-party permissions when necessary and you should delete any permissions that you no longer actively use.
How to manage third-party app permissions
To manage your third-party permissions:
- Tap your profile picture
- Select the menu icon
- Go to Settings and activity
- Select Apps and websites
- View all third-party connections here, and select which ones you want to delete.
6. Learn how to identify phishing
It is common for cybercriminals to target Instagram users with phishing scams. To avoid being phished, you should exercise caution with any strange email claiming to be from Instagram, especially if it has an urgent message such as a threat to delete your account. If you do get such an email, you should first check the sender’s email address. Instagram says that you will only receive emails from them using the address “@mail.instagram.com.” Next, you should check if the link is legitimate by viewing the URL before clicking and seeing if it matches the official Instagram website address.
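The two checks above written out as code, as an added example that is not from Instagram or Keeper: compare the real sender domain and each link's real hostname instead of looking for "instagram" somewhere in the text. The official site `instagram.com`, the HTTPS requirement and all sample addresses and URLs are assumptions constructed for the example.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

SENDER_DOMAIN = "mail.instagram.com"  # the address domain quoted in the article
OFFICIAL_SITE = "instagram.com"       # assumption: not stated on the page

def sender_ok(from_header: str) -> bool:
    """True only if the actual address, not the display name, is on the
    expected sender domain."""
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    return bool(local and at) and domain.lower().rstrip(".") == SENDER_DOMAIN

def link_ok(url: str) -> bool:
    """True only if the hostname is the official site or one of its subdomains.
    Requiring https is an extra assumption of this example."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return False
    return host == OFFICIAL_SITE or host.endswith("." + OFFICIAL_SITE)

def review(from_header: str, links: list[str]) -> list[str]:
    """Return the reasons a message looks suspicious (empty list = no finding)."""
    findings = []
    if not sender_ok(from_header):
        findings.append(f"sender is not @{SENDER_DOMAIN}: {from_header}")
    findings += [f"link does not go to {OFFICIAL_SITE}: {u}"
                 for u in links if not link_ok(u)]
    return findings

if __name__ == "__main__":
    # Constructed sample message: display name and link text imitate Instagram.
    for finding in review(
        '"security@mail.instagram.com" <alerts@example.net>',
        ["https://www.instagram.com/accounts/login/",
         "https://instagram.com.login-check.example/",
         "https://www.instagram.com@login.example/reset"],
    ):
        print(finding)
```

The suffix test includes the leading dot on purpose: a hostname that merely starts with or contains the brand name still fails it.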
7. Block questionable accounts
You should keep your Instagram account in the ‘private’ setting and only accept follow requests from people you know. This will help prevent scammers from targeting your account. If an account you don’t know is sending you strange messages, especially messages with suspicious links, you should block them. They could be a scammer attempting to target you, and reducing their access to your account will help you protect it.
8. Only use secure WiFi networks
You should avoid public WiFi networks and only use WiFi that you know is secure. This is because cybercriminals also have access to public WiFi, and they may use that access to intercept your private information in transit. This is called a Man-In-The-Middle (MITM) attack. Avoiding public WiFi is important to protect any of your private data, including your Instagram account.
How to tell if someone has hacked your Instagram account
In addition to knowing how to prevent your Instagram from getting hacked, it’s just as important to learn the signs that point to your Instagram being hacked. Here are the signs to look out for.
1. You can’t log in to your account
One of the most telling signs that your Instagram account has been hacked is if you’re unable to log in to your account. You may enter your credentials multiple times but are told they are incorrect. This means someone was able to gain access to your account and change your password, essentially locking you out of it.
2. There’s unusual activity on your account
Another sign that someone has hacked your Instagram account is if you notice unusual activity such as posts being made from your account you didn’t publish or your followers receiving strange messages from you. As soon as you notice unusual activity like this on any of your social media accounts, it’s crucial to change your password immediately and enable MFA.
3. Your account information was changed
If you go into your Instagram account’s settings, you can check your account information which contains your name, email address and phone number. If you ever notice that your account information has been changed and it wasn’t you who made these changes, you need to update it back to your information immediately, change your password and enable MFA on your account before the threat actor locks you out of your account.
Protect your Instagram account from hacking attempts
For any account, including your Instagram account, using a strong, unique password and enabling MFA are the most important security steps to protect it. With just these two best practices, you can prevent most of the common ways that cybercriminals gain access to your accounts.
To experience how a password manager can make it convenient to follow these cybersecurity best practices, try out Keeper Password Manager. Once you download it, you can use it to set up a strong password and MFA for your Instagram account. Not only will your account be more secure, but logging in will be a breeze with Keeper’s autofill feature.