You can also request support from Instagram via the app on your iPhone or Google Android device.
Here you will be asked to answer a few questions such as what alerted you to the compromise, and Instagram will offer you a login link or code to your email or phone – which of course will not work if hackers have changed the contact details associated with your account. If someone has breached your account and changed details such as your email address and phone number, you will need to work through the prescribed method via the Instagram Help Page. “If hackers haven’t changed your password and you still have access, get in and change it ASAP to something complex and unique,” says David Emm, principal security researcher at cybersecurity company Kaspersky. If at this stage you can still access your Instagram, it’s important to act quickly.
I realised someone had bought the domain, re-created the email account I had publicly visible on my Instagram, and used a simple password reset via email to kick me out.” “I opened up GoDaddy to try and buy the domain name again, and to my surprise it had been purchased less than an hour before I got logged out. The attackers were organised, taking advantage of the fact Osman no longer had access to the domain name and email address linked to his Instagram account. He regularly logged in with his user name and didn’t get around to setting up two-factor authentication. Osman’s Instagram business profile had been set up in 2014 and he didn’t renew the domain name and email address associated with his account when it ran out.
“It was one hell of an experience, and it shows even people in the industry can fall short of best practices,” he says. Within 15 minutes, Osman had recovered his Instagram account and locked the attacker out. He sent a password reset phishing email to encourage his attacker to click a link and enter their new credentials. When tech magazine founder Bashir Osman’s Instagram account was breached, he decided to hack the attacker.