My Instagram Account Was Hacked. How to Get Back In.

There comes a time when your Instagram account might get hacked. This happened to me and not only was it embarrassing, it was a time suck and a real pain in the ass to get back in.

How can an Instagram account get hacked?

There are many ways that your Instagram account can potentially be hacked. Some common methods include:

  • Guessing the account owner’s password through brute force attacks or dictionary attacks.
  • Using malware to capture the account owner’s login credentials.
  • Phishing attacks, where the hacker tricks the account owner into giving away their login information by pretending to be a legitimate company or website.
  • Taking advantage of vulnerabilities in the Instagram app or website.
  • Using a third-party app or service that has access to the account owner’s login information.

It’s super important to be cautious and protect your account by using strong and unique passwords, being wary of suspicious emails or links, and only using trusted apps and services.

How it happened to me

For me, it was a phishing hack that got me. Here’s what happened:

  • An ol’ high school “friend” sent me a message that said: I was trying to log into my Instagram page on my new phone and they ask me to find someone to help me receive a code, Instagram gave me suggestions from two friends and you are one of them, the other person is not online. Would you help me to receive the code please?
  • I agreed after he provided a good enough guess on where we met. He then said: You will receive my login link from Instagram, all you have to do is send it over to me. Please don’t click on it because it’s a one time link.
  • A text message was sent to my phone with an Instagram link that looked like this: Don’t share it.

Unbeknownst to me, that code was the secret access to my own account, not his. Granted this was early in the morning and I wasn’t thinking straight.

While I was logged into my own account, this link gave them direct access to my account. Instagram emailed me a message stating someone had accessed my account in New York. I immediately changed the password but to no avail.

He had full access using Instagram’s 2FA authenticator app. I had joined and first posted to Instagram in 2011, within months of their launch. This security feature did not exist nor was I aware of this function’s existence.

Apparently there is a new feature where friends can vouch for them to get back in but this wasn’t the case this time. My friend’s account was hacked. The hacker scammed me and basically I had set my door to lock, threw the keys into my account, and locked myself outside.

Yes, I was locked out of my own account and no amount of password resetting helped me gain access. The 2FA authenticator app on his device hijacked all of my attempts to login.

This is where the real fun begins.

How to get back into your Instagram account.

Instagram’s support for hacked accounts is mostly useless, particularly when it comes to resolving issues with locked out accounts resulting from accounts using authenticators. Their system may offer assistance with minor issues, but they do not provide effective solutions for more serious hacks.

Let’s begin by addressing the fundamentals to assist you in regaining access to your Instagram account.

  • Try to reset your password. If you get an email from Instagram, at least you know the email for your account hasn’t been changed (yet).
  • Try getting back into your account using the selfie video feature. Instagram allows you to take a video selfie and submit it to their team. Make sure you have a few selfies in your recent timeline so their team or bots can compare your selfie. I didn’t have a recent selfie so this didn’t work even though I tried several times.
    • The message I kept receiving from them was: We weren’t able to confirm your identity from the video you submitted. You can submit a new video and we’ll review it again
  • Contact Instagram support and try the various ways they offer to get back into your account.

After a ton of research on Google and Reddit, I finally found one Reddit thread that shared how they were able to communicate with Instagram by saying they were concerned about their privacy and ultimately gain access to their account again.

Here’s how it worked for me:

  • Visit their Instagram Privacy Policy page
  • Choose “How do I contact Meta with questions regarding the Privacy Policy?”
  • At the bottom, select “I still have a question on how to exercise my privacy rights”
  • Fill out your country of residence, name and email and press send and submit the form

They will reply with a support ticket and a standard reply with links to the various ways to do so. Ignore all this.

  • Reply to their email focusing on privacy and data, not being locked out. Say something like:
    • “I am unable to exercise and manage my privacy rights as I have been locked out of my account.”
  • You’ll likely get another email in a day or so. If they don’t offer help to get in, reply with something like this:
    • “Thank you for your response, but I remain concerned about my ability to exercise my privacy rights as I cannot access my account.”

If all goes well, in a few days or so, you’ll get an elevated support ticket asking you to provide an email address you want to be associated with your account. The new email should not be associated with any account present or past. Once they receive the new email address from you, their specialist team may follow up with additional requests for information or documentation.

They will send you a confirmation from Instagram support to the email address associated with your recent correspondence. You will also receive an email from the Facebook support team to the email address you have recently provided.

You’re in good hands now. Support will ask the following:

  • Please tell us the problem you’re having with Instagram in as much detail as possible. Be sure to include your Instagram username, the email address associated with your account and any other identifying information that might help us find your account. You may also send us a screenshot. We also need to confirm that this Instagram account belongs to you. If your account is a personal account and has photos of you, please attach a photo of yourself holding a hand-written copy of the code: XXXX. Make sure that the photo you send:
    – Includes the code above written on a clean sheet of paper, followed by your full name and username
    – Clearly shows both the code and your face
    – Is saved and attached to your reply as a JPEG file
  • Explain what happened and send in their requested items

It took about 7 days for them to reply. When they did, they said they had secured the account and shared a password reset link to the new email, which would allow me to regain access to the account.

At this point the 2FA authenticator has been disabled and you can reset your password to regain access to your account.

Congratulations if you made it back into your account! 

Once you’re in, make sure to check your account for any unwanted posts or stories the hacker may have posted while you were locked out. I saw a few direct messages they had sent to friends. Fortunately my network is smart enough to know that I wouldn’t post bitcoin scams.

Conclusion to getting hacked:

Use strong passwords. Verify that you are really talking to your friend or family member by calling them. Make sure they aren’t unknowingly scamming you. Make sure the account that’s reaching out is actually their account and not a fake account. Educate yourself and don’t fall for stupid scams like this.

How Instagram / Facebook / Meta can improve their security:

Instagram and Facebook team, if you’re reading this post, thank you for getting me back in.

Having said that, it was super frustrating getting back into my account so I hope you are in the process of making adjustments to make it easier for others to get back in. Here are some thoughts I had to make it a better experience for all that get hacked.

  • Add this text to your text message: Anyone with this code will gain access to your account. Don’t share it. 
  • Let users know about the 2FA authenticator option.
  • Allow for email password resets to work even though there’s the authenticator in place.