Your Instagram Account got hacked!

Jason Nunnelley
Jan 29, 2018

I get an email, call, text, WhatsApp, Telegram, or some other communication virtually every day about a hacked Instagram account.

Most accounts are hacked after the victim clicks a link in an email promising verification status, or in some other official-looking email. Check the From: email address. Chances are, it’s a misspelled version of Instagram or Verified.

They’ll probably change the new contact email address to one similar to yours to further assist their hack. If you were askjnun@gmail.com they’ll change it to askjnunn@gmail.com, as an example.

We’ll address reporting these offenses to the proper sources later on this page. Right now, you want to take action to get your account back!

First off, here’s Instagram’s official method of recovering your account on your own. Hint: you have to request help from within the app, which means you have to be logged in. Yes, it’s intentionally a catch-22 to slow down the annoying complainers. Just create a temporary account and get to reporting!

Instagram knows they have a problem.

You’re just not that important to them.

Don’t be lazy. Click to expand each section of their support page and follow the instructions to the letter.

And, remember to look carefully at the email header when they email you to make absolutely sure it actually came from Instagram!

Relax. It’s going to take a while. Instagram doesn’t get exercised about ordinary people, no matter how important or cool you think you are. Unless you’re represented by a big name agency you’re just another of billions of people who use a Facebook service.

Communicate with them. Read the fine print. Expect a wait.

Now for some official ways people lose their accounts.

  • Famous people want it. If you share a name with a celebrity, and/or are fairly dormant on the platform, they can take your name.
  • You broke the rules. If you use Instagram to market live video (ahem, I think you know what I mean), you may get banned. You can also have your account closed for infringing on someone’s brand or abusing DM. Check out their Terms of Use, and keep in mind they can change.
  • You let an employee or contractor manage your accounts, so to Instagram it looks like they are the official owner. If your staff runs your social media and you don’t have an Agency of Record for your social media, you risk losing your account to a staffer who uses their personal account to manage your affairs.

Pay attention to details. Or, get hacked.

Not hacked yet?

  • Turn on two-factor (dual) authentication now.
  • Engage a social media company who deals with Instagram.
  • Be very careful of email you receive claiming to be Instagram.
  • Change your password periodically to log your account out of other devices.
  • Don’t share your IG credentials with anyone but a respected agency.

How most of you get hacked

A hacker can request a password reset multiple times for your account with nothing more than your username.

Instagram doesn’t have any obvious safety protocols to stop someone from locking up your account this way. Once your account is locked up, the hacker sends you an email (by then you have probably contacted IG to say your account isn’t working).

The email looks convincing.

It’s got Instagram’s name and logos, and very formal-looking requests for proof of ID are common. Then, you give them everything they need to ask Instagram to give them your account.

Or, they send you to a page to recover your account where you type in your Instagram username and password on a website that’s definitely NOT actually Instagram. Again, always look carefully!

Not particularly sophisticated, is it?

There are also exploits that can break into accounts using much more sophisticated methods, and those aren’t hard to find with a little Google search.

How do you get your account back?

Chill out!

The single worst thing Instagram users do is freak out.

Don’t freak out!

Why is freaking out so bad?

You do dumb stuff!

Like:

  • Paying the hacker.
  • Using more than one vendor to represent you with Instagram.
  • Giving account info to hackers who are pretending to be Instagram.
  • Hiring vendors who literally just use Instagram’s reporting portal.

We have relationships at Instagram.

But it’s a company with personalities, moods, and changing staff.

So, sometimes stuff happens instantly.

Often it’s very time consuming.

A good agency is worth its fees

If you come to us after a hack YOU ARE NOT A CLIENT!

We can’t use our client / agency relationship status to push Instagram to act on your behalf. It’s very difficult for us to prove you are even the official owner of the account.

For a pre-existing client, recovering a stolen IG account is cake.

If a client gets hacked, we usually recover an account rapidly.

Even when IG is slammed it’s usually 24–48 hours (on weekdays).

Our client-support relationship with Instagram is intended for clients and is not meant to be sold to people in trouble.

What’s the difference?

It’s about when you engage us.

If we’re your official Instagram representative before the hack, then we can immediately act on your behalf.

If you’re a client before the hack, we just tell Instagram that we’re your social media company. They can see our administrative privileges on your account and immediately work with us as your representative.

When someone reaches out to us after the fact we have new hurdles to overcome. It’s so difficult a hurdle that we just don’t do this anymore.

So, what can I do?

Read this before you get hacked, preferably!

Engage a Social Media Agency so that you have someone who talks directly to Instagram, Twitter, and Facebook daily.

Those relationships move mountains in times of crisis.

Coming to us with a crisis for our first engagement is messy.

What if I’m on my own and my account gets hacked?

Do not give hackers account information.

I know, you’re not a tech person. You’re a personality, blogger, IG model, something that’s profitable for you. But, you’re going to have to calm down and learn something.

Email must be facebook.com or instagram.com

I’ve seen Instagrann.xx and all sorts of domains that are designed to trick Instagram account holders. Make sure you’re emailing Instagram.

In Gmail, you can go to the right side of the email and look for the drop down arrow. Click that and look for Show original.

You’re looking for a few things. But, truth is Instagram doesn’t go out of their way to make this easy. The DKIM and SPF are at best neutral.

The big thing is: are you emailing an Instagram.com or Facebook.com email address when you respond? If you’re clicking on a link, make sure it’s an Instagram.com or Facebook.com URL.
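The same two checks written as code, as an added example that is not part of the original article: it accepts a From: address or a link only when the real host is instagram.com, facebook.com, or a subdomain of one of them. The function names and the sample inputs are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains the article says to trust; everything else is treated as suspect.
TRUSTED = ("instagram.com", "facebook.com")


def host_is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def sender_is_trusted(from_header):
    """Check the address inside a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return False
    return host_is_trusted(addr.rsplit("@", 1)[1])


def link_is_trusted(url):
    """Check the host a link really goes to, not the text it shows."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # .hostname drops any "user@" prefix and the port, so
    # https://instagram.com@login.example/ resolves to login.example.
    return host_is_trusted(parts.hostname)


# Constructed sample inputs (not taken from real messages).
SAMPLES = [
    ("from", "Instagram <security@mail.instagram.com>"),
    ("from", "Instagram Verified <support@instagrann.xx>"),
    ("from", "security@instagram.com.account-help.example"),
    ("link", "https://help.instagram.com/"),
    ("link", "https://instagram.com@login.example/recover"),
    ("link", "https://www.facebook.com.verify.example/"),
]

if __name__ == "__main__":
    for kind, value in SAMPLES:
        ok = sender_is_trusted(value) if kind == "from" else link_is_trusted(value)
        print("OK     " if ok else "SUSPECT", kind, value)
```

When a message carries a Reply-To: header, run `sender_is_trusted` on that too, since that is the address your reply actually goes to.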

Learn more about controlling your account on Instagram’s help page.

A good read about the nightmare that getting your account hacked can be is at MelvinBlog.com. It may help you get prepared.

Again, the only reason we’re faster as an agency is because when you’re an existing client we already established that we’re appropriate controllers of the account. And, we have existing relationships.

Giving us admin privileges allows us to represent the official account with Instagram ahead of time. And, yes we get VIP treatment that ordinary people submitting forms don’t enjoy.

There are some defensive moves to consider.

Consider hiring a media agency ahead of time if your Instagram account has value. This goes for Twitter, Facebook, and Instagram. A connected media agency can save you untold pain and suffering. They can even help you avoid violating important terms of service that can get your account legitimately suspended or deleted.

It always helps to hire the professionals before things go badly.
