Cybersecurity 
Managing user access across the entire employee lifecycle has become increasingly complex for modern IT and security teams. From provisioning new hires and modifying existing permissions
6 min read
Published on August 02, 2023
Updated on November 19, 2025.
Your Instagram account is more than just a place to showcase your personal interests; it’s also connected to your digital footprint and private information that’s valuable to cybercriminals. Many Instagram accounts are compromised due to weak or reused passwords, public data breaches or phishing scams designed to steal your login credentials. To prevent your Instagram from getting hacked, use a unique password, enable Multi-Factor Authentication (MFA) and set up login alerts.
Continue reading to learn the eight steps you can take to secure your Instagram, how to recognize if your account has been hacked and ways to recover access.
1. Use a strong, unique password
Weak or reused passwords are among the leading causes of account compromise. Be proactive by using a strong password that is at least 16 characters long, with a combination of uppercase and lowercase letters, numbers and symbols. Avoid using personal information or reusing the same password across multiple accounts because doing so makes you vulnerable to credential-stuffing attacks.
Consider using a password manager like Keeper®, which securely stores all your credentials in an encrypted digital vault. It automatically generates unique passwords for each account and autofills them when you log in. A password manager not only simplifies credential storage but also helps ensure each account, including Instagram, stays protected with strong, unique passwords.
2. Enable Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) adds an extra layer of protection to your Instagram account beyond your username and password. Even if your Instagram password is stolen, MFA can prevent unauthorized access by requiring a second form of verification. When you enable MFA on Instagram, you will be asked to choose one of these methods:
| MFA methods | How it works |
|---|---|
| Authenticator app | Use an authenticator app like Google Authenticator or Keeper to generate Time-based One-Time Passwords (TOTPs) . You can connect multiple devices to receive login codes, but the setup must be completed through Instagram’s mobile app. |
| Text message (SMS) | With SMS authentication, Instagram sends a One-Time Password (OTP) code to your registered phone number each time you sign in. This method is convenient but can be vulnerable to phishing attacks or SIM swapping. |
| If you enable the SMS option, you can choose to receive OTP codes via WhatsApp. Like SMS, this method is also vulnerable to phishing attacks or SIM swapping. |
TOTP-based verification through an authenticator app remains the most secure MFA option on Instagram. However, any form of MFA is better than none, as an extra layer of protection reduces the risk of unauthorized access, even if your password is stolen.
How to enable MFA on Instagram
- Tap your profile picture
- Select the menu icon
- Tap Accounts Center, then Password and security, then Two-factor authentication
- Select either Authentication app or Text message (SMS)
- Follow the instructions to complete the setup for the MFA method you choose
3. Set up login alerts and monitor Instagram activity
When enabled, Instagram’s login alerts notify you if someone attempts to log in to your account from an unfamiliar device or location. By monitoring your account activity and login history regularly, you can act quickly by changing your password or revoking access to prevent a potential cyber attack.
How to set up login alerts on Instagram
- Tap your profile picture
- Select the menu icon
- Tap Accounts Center
- Choose Password and security
- Under Security checks, tap Where you’re logged in to see all devices currently logged into your Instagram account
- If there are any unfamiliar devices, tap on the device name and select Log out
- Enable Notifications to receive messages about suspicious login attempts
4. Keep your contact information updated
If your email address or phone number is outdated or incorrect, you could lose access to your Instagram account, or a cybercriminal might redirect recovery attempts using their own contact information. Keeping your contact information current also ensures you receive security alerts about login attempts, password reset requests or other suspicious activity on your account.
How to update your contact information on Instagram
- Tap your profile picture
- Select the menu icon
- Tap Accounts Center, then Personal details, then Contact info
- Review your email address and phone number, and if any information is outdated or incorrect, tap Add new contact or Edit
- Verify your new details through either a confirmation email or a text message sent by Instagram
5. Review connected third-party apps
Third-party apps can enhance your Instagram experience, but each app you authorize may jeopardize the security of your account. Regularly review and manage all apps connected to your Instagram account to maintain strong security. By removing unused or suspicious apps, you can minimize the number of potential attack vectors that cybercriminals could exploit.
How to manage third-party app access on Instagram
- Tap your profile picture
- Select the menu icon
- Scroll down to the Your app and media section, then tap Website permissions
- Go to Apps and websites, then review the Active list and remove any apps and websites that you no longer use or don’t recognize
6. Learn how to identify phishing attempts
Phishing is one of the most common ways cybercriminals compromise Instagram accounts. They may send emails, text messages or direct messages that appear to come from Instagram’s official account, asking you to click on a link or share your login credentials. Falling for these kinds of phishing scams can give cybercriminals full control over your Instagram account, even if you have a unique password and MFA enabled. Some major signs of phishing attempts include unsolicited messages requesting personal information, messages with suspicious links or attachments, urgent language and slightly altered URLs or sender domains that impersonate Instagram.
7. Block and report suspicious accounts
Suspicious Instagram accounts can attempt to hack your account, send you phishing links or cyberharass you through spam and scams. Blocking and reporting suspicious users helps protect both your account and other Instagram accounts from falling victim to being hacked.
How to block and report suspicious Instagram accounts
- Find the account you want to block
- Select the menu icon
- Tap Block
- If the account is sending spam or malicious content, tap Report and follow the prompts on the screen based on the specific circumstances
8. Only access Instagram over secure WiFi networks
Public WiFi networks, including those in coffee shops, airports or hotels, can be convenient for on-the-go use but are also risky. Cybercriminals can intercept data sent over unsecured networks through Man-in-the-Middle (MITM) attacks, potentially stealing your Instagram login credentials. If public WiFi is your only option, connect through a trusted Virtual Private Network (VPN) to encrypt your connection before logging in to Instagram.
How to tell if someone has hacked your Instagram account
Even with strong security measures, it’s important to be able to recognize the signs of unauthorized access. Here are the main signs that your Instagram account may have been compromised:
- Inability to access your account: If you suddenly cannot log in to Instagram with your usual login credentials, a hacker may have changed your password and taken control of your account.
- Suspicious login activity: Login notifications from unfamiliar devices or locations are a strong sign that your account has been hacked. Check your Instagram settings to confirm which devices are logged in, and log out of any sessions you don’t recognize.
- Changed account information: If your email address or phone number has been altered without your permission, a hacker may have updated them to lock you out. Updating your account with the correct information and enabling MFA can prevent further unauthorized access.
- Unfamiliar followers, posts or messages: Unexpected posts, likes, messages or followers you don’t recognize often mean that someone else is using your Instagram account. By quickly removing unauthorized content and reviewing active sessions, you can regain access to your account and protect your privacy.
Protect your Instagram account from hacking attempts
Protecting any of your online accounts requires a strong and unique password, MFA and regular monitoring of connected apps. A password manager like Keeper makes it easier to follow these best practices by generating and storing passwords, managing MFA codes and safely autofilling credentials. With Keeper, your Instagram account and all your other online accounts can stay protected against unauthorized access and other common cyber threats.
Frequently asked questions
Why do people hack Instagram accounts?
People hack Instagram accounts for several reasons, primarily related to financial gain or identity theft. Cybercriminals may hack into accounts to scam followers, spread phishing links or gather personal information for future cyber attacks. In some cases, hackers target successful business or influencer accounts to steal money or damage reputations.
Can you get hacked by accepting a follow request on Instagram?
No, accepting a follow request on Instagram will not cause your account to get hacked. However, hackers may use fake profiles to gain your trust over time and may send you a phishing link or malicious message in the future. It’s safest to be cautious when engaging with unfamiliar accounts and to avoid clicking on suspicious links, even if the URL appears legitimate.
Can I know who hacked my Instagram?
No, the identity of the person who hacked your Instagram account will remain unknown. However, you can check your login activity to determine the approximate location, type of device and time of unauthorized access. Although this information won’t reveal the hacker’s identity directly, it can help confirm a breach and guide your next steps in securing your Instagram account.
