Posted: 5 Min ReadGen Archives

Has Your Instagram Been Hacked?

ITRC offers tips on how to avoid this common social media scam


Identity theft involving social media has been around for a long time. Sharing too much information online can put you at risk of a social media scam and scammers can commit these scams in many different ways.

One thing on the rise is hacked Instagram accounts.

As the President and CEO of The Identity Theft Resource Center (ITRC), a leader in identity theft prevention and providing victim services, we have seen many social media scams involving hacked Instagram accounts. In September 2021, we received four times the number of inquiries regarding hacked Instagram accounts than in a typical month and we then saw an 80% increase in inquiries regarding Instagram account takeover from October to November 2021. January reporting saw the same number of inquiries as November; this is clearly an increasing trend.  

How do Hackers Hack Instagram?

One tactic a scammer uses is impersonating people their victims know and getting their personally identifiable information. Some victims are finding themselves locked out of their Instagram account, and scammers are posting things in hopes of scamming other people. 

Some victims report they did not give their information to a scammer, and they still had a hacked Instagram account or suffered an  account takeover. While it appears people are being targeted in multiple ways to get login information, their account information may also have been accessed using information from  breaches that include Facebook login information, particularly if the username and password were never updated. 

We’ve also seen victims’ Instagram accounts spoofed using the victim’s public pictures. Cybercriminals follow the same people the victim follows and send them messages with a scam or malicious link.  

Recently, we’ve received reports of victims having their Instagram accounts hacked after falling for a bitcoin scam. Victims report their “friend” (whose account has been taken over) posts on Instagram about how much money they make while investing in bitcoin. Once the victim shows interest, they are asked to make a video saying how much money they made. Then they are asked to give over their Instagram credentials and send money so they can also be part of the investment. However, they get locked out of their account, and their contact information is changed. The scammer then uses the account to start posting about the bitcoin scam.   

The increase in hacked Instagram account cases is no surprise when you look at the cost of the credentials. According to Digital Shadows, a hacked Instagram account on the dark web  costs $45. For context, the price for a  Social Security number  on the dark web is only $2.


What You Can Do to Avoid A Hacked Instagram Account 

  • Never share your password or any personal information with anyone else. Scammers play on people’s emotions and build trust with their victims. While scammers can be persuasive, passwords, PINS, codes or any other type of sensitive information should never be shared with anyone. 
  • Make sure your password is strong. Use a 12+ character  unique passphrase. It makes it more difficult for hackers to crack your account and are easier for you to remember. 
  • Use two-factor authentication (2FA) on your account. 2FA gives you  an added layer of security, making it harder for criminals to hack your account. To use 2FA on Instagram, go to “Settings,” “Security,” and tap “Two-Factor Authentication.” Tap “Get Started” and select either “Authentication App” or “Text Message.” We recommend you use an authentication app because text messages can be spoofed. 
  • Make sure the email associated with the account is secure. A secure email account is an account that has security enhancements to offer more protection. If it is not secure, it could make it easier for hackers to access your account and any other accounts associated with that email. It is also a good idea to secure your email with 2FA. 
  • Don’t download third-party apps within a social media platform. If third-party apps have your information, you may not know where it is being stored or how it is being stored. It is another place for hackers to get their hands on your valuable Instagram account credentials. Only download applications from the recognized application stores from Apple, Google, and Microsoft.

For more information or if you believe you were the victim of an identity crime, our expert advisors are always available to walk you through the process of resolving your case. You can call 888.400.5530 toll-free or live-chat on our website to speak with an expert advisor. Just visit to get started. 

Did you know NortonLifeLock recently introduced Social Media Monitoring, which helps protect against social media account takeovers and cyberbullying? Social Media Monitoring is now included in LifeLock Ultimate Plus and Norton 360 with LifeLock Ultimate Plus. For more information, please visit

About the Author

Eva Velasquez

President/CEO, Identity Theft Resource Center

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.