How Do Instagram Accounts Get Hacked—and How Can You Prevent It from Happening to You?
Your chances of getting hacked on Instagram increased tenfold in the last year. Here's how to protect your account before it happens to you.
Buckle up, social media users, because hackers are having a field day on Instagram. About 13% of Americans have been hacked on Instagram, according to NordVPN. And while hijacking on all social media platforms rose tenfold in the last year, Instagram users have taken the brunt of it. In a new Identity Theft Resource Center (ITRC) survey, 85% of the social media hacks reported to the group involved Instagram accounts. So, how do Instagram accounts get hacked?
This information is essential if you want to avoid losing all your vacay pics, first-day-of-school poses and cute pet posts. Yep, that’s right—those posts might disappear forever. Only 30% of users are able to recover their account after Instagram hacking. And that may be the least of your problems. Of all the online scams, “this type of identity crime has a profound financial and emotional impact on victims,” says James E. Lee, ITRC’s chief operating officer. More than 80% of ITRC’s survey respondents said they felt anxious and violated after they were hacked. Plus, cybercriminals could walk away with your money and the ability to create fake Instagram accounts in your name.
Here’s what you need to know about this type of hack and how to level up your Instagram account’s security with just a few simple steps. When you’re up to speed, find out how to recover a hacked Facebook account, just in case you’re hit with a hack there as well.
Get Reader’s Digest’s Read Up newsletter for more tech, humor, cleaning, travel and fun facts all week long.
How do Instagram accounts get hacked?
Hackers have all kind of tricks up their sleeves, and the bottom line is, you need to be smarter than they are. Luckily, a little knowledge will go a long way.
Phishing and other forms of social engineering
About half of hackers gain access through phishing links, when users click on a link in their direct messages on Instagram, according to Lee. “The links are usually in direct messages that appear to be from one of the victims’ Instagram followers,” he says. “But the follower’s Instagram has been compromised.” For example, you might receive a DM from a work buddy asking you to take a survey. You instinctively click on the link, and when you do, malware infects your device and gives the hacker access to your account.
In another common hack, you’ll receive “suspicious activity alerts” that appear to be from Instagram … but aren’t. These alerts contain links that will compromise your account. Variations on this theme include someone claiming that you infringed on their copyright or even offering you a verified badge.
Security breaches on other sites
Security breaches on e-commerce sites are the gifts that keep on giving to criminals—and they’re more common than you think. Let’s say you bought a cute top from a small business’s website, and that site is compromised. The hacker may now be within striking distance of your Instagram account. “Hackers will try those passwords on your other accounts and see if there’s a match,” says Samuel Mulder, PhD, an associate research professor at Auburn Cyber Research Center in Alabama. If your Insta password matches the one you used for this business, the hacker can easily get into your account. That’s why good passwords—and different passwords—are so important.
Whenever you connect to public Wi-Fi, your data is in danger. In an effort to lure you in, hackers sometimes create an open hotspot with a name that sounds similar to a common hotspot—for example, an airport or restaurant nearby. Then, when you try to connect, they steal your data and inject malware into connected devices.
Finally, you may unwittingly hand over your username and password to a hacker through a third-party app. This might happen when you download an app to schedule your posts or see who unfollowed you on Instagram. Some of these apps ask you to enter your password. Don’t do it! Download the wrong app and your account will be compromised. Wondering if you can see who views your Instagram profile? We have the answer.
What hackers can do with a hacked account
While an attack on your Instagram account feels very personal, it’s just business for hackers. Here’s the type of havoc they can wreak once they have access to your account.
Scam your followers
Cryptocurrency is the big scam at the moment—after all, who wouldn’t want to make some easy cash fast? Hackers will post as you on your account and encourage your followers to invest in bitcoin and other types of cryptocurrency. Of course, there’s no actual investment, only a scam that swindles money from unsuspecting friends and family members. “One victim told us that hackers took almost $10,000 from their followers,” says Lee.
Steal sales revenue
Hackers often target social media accounts with large followings. These influencers typically recommend products and get a percentage of the sales when someone purchases the product through their link. When an account gets taken over, that money funnels to the hacker instead of the influencer. In the ITRC report, 51% of victims reported losing sales revenue in this way.
In some instances, Lee says, the hacker will contact the account owner and demand a ransom to turn over the account. “Don’t pay the ransom,” Lee warns, “because you won’t get your account back and you’ll be out even more money.”
Make illegal requests
Hackers can use your account to set up drug deals or ask other Instagram users for pornographic photos. This isn’t only embarrassing—it can also get you in hot water with the authorities.
Sell your account on the black market
Hackers can sell an entire account on the “dark web,” a hidden part of the internet that’s available only on special web browsers. There, cybercriminals buy and sell Instagram accounts for the purpose of spreading propaganda or trying to scam your followers. According to PrivacyAffairs.com, a typical Instagram account fetches around $45, so it’s affordable to them but potentially devastating to you.
How to protect your Instagram account
Now that you know the answer to “How do Instagram accounts get hacked?” you probably want to do everything you can to avoid all this drama. Here are some simple steps to take.
- Activate two-factor authentication. This is a secret that hackers don’t want you to know: If you set up this safety measure, Instagram will give you a heads-up when someone logs into your account from a device that they don’t recognize as yours. You’ll receive a notification or be asked to enter a special login code. Since the hacker won’t have that code, you’ll stop most attacks in their tracks. Can Instagram be hacked if you have these safeguards in place? Unfortunately, some hackers may have sneaky workarounds, but it does provide a solid barrier. To set up 2FA, tap on your profile picture, tap settings and then tap security. Tap two-factor authentication, and follow the prompts. It takes just five minutes.
- Be skeptical. When a friend DMs you a link, you probably think nothing of it. But pause before you click: If it raises even a smidge of suspicion, it’s better to text your friend and ask, “Did you just DM me something?” The same goes if someone is requesting your phone number through an Insta DM. One way hackers have gotten around two-factor authentication is by posing as a friend and asking the victim for their mobile number.
- Become more password savvy. When hackers get passwords through a cyberattack on a store, for instance, they try using them on all sorts of accounts. If it matches your Instagram password, bingo—they’re in! At the very least, create strong “passphrases” (comprised of multiple words) for each site. Better still, consider using password manager software to generate strong passwords for each of your accounts and avoid making these common password mistakes.
- Vet third-party apps. Do your research online about third-party apps, and steer clear of ones that require you to hand over your password. Instead, look for apps that ask you to sign in on your own and then give access to certain things, such as posts or comments.
What to do if your account gets hacked
Yes, it’s human to want to commiserate and tell all your friends, “My Instagram was hacked!” Of course you’ll do that, but first you need to take a few important steps to protect yourself. No need to Google “what to do if your Instagram is hacked”—we’ve got all the links you need right here.
- Instagram’s Help Center: Hackers usually change Instagram emails, passwords and phone numbers as soon as they get access to an account. In case the hacker hasn’t done that yet, go to the help center and see if you can change your password. This is also where you’ll find information on setting up two-factor authentication and a recovery code in case your device is stolen.
- Instagram’s Abuse and Spam section: If you clicked on a link or gave out your information and then immediately realized it was a bad idea, come to this section for help. It will walk you through what to do, as well as allow you to report spam and phishing attempts.
- Instagram’s Hacked Accounts page: Head here if you’re locked out of your account. You’ll receive an email from Instagram, and you can also request a login link, a security code and support. Unfortunately, Instagram account recovery can be tedious, but our step-by-step instructions will make it a lot easier. That said, you’ll still likely have to go through a lengthy process to verify your identity.
Now that you know how Instagram accounts get hacked, find out about Facebook’s many scams, including Facebook Marketplace scams.
- NordVPN: “Fears Over Social Media Hacking Are Rising: Here’s How to Keep Your Account Safe”
- ITRC: “ITRC Consumer Impact Report”
- James E. Lee, chief operating officer of Identity Theft Resource Center
- Samuel Mulder, PhD, associate research professor at Auburn Cyber Research Center in Alabama
- Privacy Affairs: “Dark Web Price Index 2021”