Learn from my Mistakes: 4 Ways to Avoid getting Hacked on Instagram

Exactly two years ago I wrote my original blog post to explain how my Instagram account got hacked, and how I got it back. Having quadrupled my following base on Instagram since, I have a lot to be grateful for. In particular for the fact that I was miraculously able to recover my Instagram account with 27k followers at the time. I am one of the lucky ones. Many people never get their accounts back after a hack, and have to start over.


I still get many phone calls and message of people desperate to get their accounts back, asking me for help. Let me tell you straight up, I cannot help. I am not an expert, I do not work for Instagram and I no longer have any contacts within the Meta group. All I can do is share what happened to me so you can learn from it, and provide you with tips to avoid getting hacked on Instagram in the first place.


How I got Hacked on Instagram

How I got my Hacked Instagram Account Back

The 5 Things I Learnt from Being Hacked on Instagram

4 Ways to Avoid getting Hacked on Instagram

Forewarned is forearmed: Prevent Yourself from Being Hacked on Instagram


Instagram user not found

How I got Hacked on Instagram

It was an ordinary Friday in July 2020. Well, ordinary for corona times of course. It was my day off from my work in medical project management. I had just posted a picture of my kitchen on Instagram, describing my failed attempt to recreate my mum's curry, which was leading to hilarious conversations. Allowed to go to the gym again, I jumped in the car and sped off. Upon arrival (I was a little early) I thought I'd quickly read my mail before going in.


In my inbox was a collaboration request, of which I receive many. It outlined a barter deal with suggested content, and a link to the Instagram account in question. The email didn't spark my interest but I was curious to see what account it was for, so clicked the link, logged into Instagram and viewed the account.


The email that got me hacked on Instagram
The email that got me hacked on Instagram

Looked pretty cool actually, albeit totally not my niche (fashion and lifestyle, rather than interior). I would answer them later to decline. I do remember thinking: a) why would they want ME to promote their products as it's not my section (but that happens more often if target audiences overlap) and b) why (as a large American account / company) don't they employ someone with fluent English? However, you must know, I work daily with people from all over the world. Not everyone speaks perfect English. I don't judge second language fluency, it is usually a sign that someone is particularly literate, often knows even more languages than I do and makes an effort to communicate with me. And as I mentioned before, I get these types of emails all the time. Little did I know it was a phishing mail. And of course this particular company had nothing to do with it.


My Instagram Account was Hacked Instantly

I completed my work out, walked back to my car and checked my phone. There were a number of new emails, but a few stood out. A number of them from Instagram in rapid succession: a new login attempt, I apparently changed my username, changed my email, and allegedly removed my phone number. And to please let them know if that hadn't been me making all those changes.


Then a 5th email:


Good day! We apologize for the inconvenience. Your account has been temporarily blocked!

It's perfectly safe and we haven't touched it. We are waiting for your reply 2 hours!

If you do not respond, we will start to clear your account (delete photos) and sell your account! We are waiting for your reply !


I felt my stomach drop. Surely this wasn't real? I tried to open Instagram but couldn't. Log in denied. No user found. I was whatsapping with an insta girlfriend that same moment and asked her to quickly check. She confirmed my worst fears; account gone. Please tell me this wasn't happening? Years of hard work, relationships, partnerships, my interior design business and creative projects gone, just like that? I raced home, told my husband to drop everything to help me, and jumped online to contact Instagram. Obviously I couldn't revert the changes. Was it me that made the changes to my profile? Of course not! But when I pressed the link to let Instagram know it just showed an error message. I researched how to report a hack, how to contact customer service, how to get this undone, but simply got nowhere. All methods listed on the site required some sort of identification, and the hackers had changed every single thing. There was nothing in their system anymore relating to me. I was on the phone with another insta buddy to work out the steps required, and in the meantime cursing myself for not having the 2-step verification security measures on. Why oh why did I not have that turned on? I have no idea! Didn't even realise it wasn't. I originally created my personal account many many moons ago, never used it, and converted it to a business account a few years back. Instagram never prompted me to review my security settings (or make it mandatory which I think they should) and it hadn't even crossed my mind to check. So dumb, I know.


Do Not Trust any Third Parties to Help you with an Instagram Hack - they are scammers too

At this stage I am visibly trembling, shaking and crying all at the same time. Close to vomiting really. Hubby found an Instagram customer service phone number online that offered assistance in these types of situations. I called, and yes! They could help me! They could help me log back in and get my account back. I was surprised, as Instagram is known to be impossible to contact, let alone speak to an actual human. Could it be as simple as a phone call? As they were requesting access to my screen, I got suspicious and did a quick google. I wasn't going to be scammed twice. Of course they were criminals too so I slammed down the phone (figuratively of course, as I wasn't actually going to smash my iPhone).


Defeated. Angry. So so upset. And that feeling of being personally violated. The cheek of those hackers to wish me a good day, and 'apologies for the inconvenience'. Inconvenience? This is my business you've just shut down in a matter of minutes! It may as well have been a shop that burnt to the ground.


In Contact with the Hackers

I was stuck between a rock and a hard place. And decided to contact the hackers. They were very polite actually, and of course very responsive, Assuring me that they had no real interest in my account, all they wanted was money. If I paid up I would get my account back. Clearly the initial thought was to tell them to F*&k off. But I was desperate. They wanted 285 USD. 285 dollars for my entire business; I wasn't sure to be relieved or offended. Of course I knew full well I was probably never going to see that money again, but I figured if there was even a 1% chance they would do as they said, it was worth it.


We had a little kitty of bitcoin of which I had forgotten its existence (set up during the rise of bitcoin, and left to its own devices after the rate did a nose dive). I figured this was my rainy day. So I paid. And waited. They emailed me back, telling me they were restoring my account and to give it 15 mins. That became thirty. An hour. And they kept responding to my emails. Politely. Telling me what there were doing. So I remained hopeful. Until I realised it really was never going to happen, and gave up.


I felt defeated

I was sitting on the couch completely numb. That same couch that's featured on Instagram so often. Blaming myself for being stupid and clicking on a link from my mobile, stupid for logging in again, stupid for not having my 2-step verification on and stupid for paying up. Thinking of the lovely conversations with my contacts on Instagram that now would think I just vanished. Thinking of the collaborations I had coming up and how I would explain my commercial partners that my platform was gone. Thinking of what to do next, but my head was so foggy. Insta buddies would start phoning and messaging me, offering me their support, suggestions and contacts of people who'd experienced the same. Wonderful people, and I am eternally grateful for their instant offline support. Real people, who I've met in a virtual world.


How I got my Hacked Instagram Account Back

Then hubby messaged me and said 'Quick, I need all your insta details - there might just be a way!' He remembered an old primary school friend who's made it big within Facebook (who owns Instagram - now Meta). He contacted her in California, she responded very quickly to say she could submit my case to an internal system reserved for friends and family of staff, which apparently then jumps the queue (or actually puts the request in a queue in the first place). She was heading off on her holidays however, and soon to be out of WiFi, so we had to get it in quickly. She had no idea what could be done, how long it would take, or what would be left of my account, if anything. She also added that everyone was snowed under due to corona.


People get hacked on Instagram all the time.

And then the wait started. People get hacked all the time I learnt. By then, I had read pretty much any article on the web about Instagram hacks and what to do, every possible scenario of what could happen (ranging from full recovery to everything lost) and the fact that Instagram is not really much assistance (if at all). I ended up finding a link on the log in page, where you get to after a few clicks, that says 'need more help?'. There I could tick a box that I had been hacked and submit a form with my original email address I signed up with, as well as a contact email address. It didn't matter which email address I entered (even complete dummy ones), the automated reply always came back with the same answer:



How devastating. Could everything really be gone? Surely Instagram has some sort of back up system in place? And the email itself was weird too. No subject. No logo. Twice hi. Even our friend who works for the company thought it was spam. But it wasn't.


I didn't hear anything for days and was a blubbering mess. I would even wake up hubby in the middle of the night to go and check his phone to see if there were any messages (which wasn't received with thanks mind you). Considered chopping his finger off to use the fingerprint ID to check his phone while he was sleeping. Because I wasn't. I was a walking zombie. We couldn't exactly keep bugging our contact either. She was on holidays, did the best she could, hubby hasn't seen or spoken to her in many years and I don't even know the girl (but boy do I love her).


I started receiving lots of messages through other channels. People found me via my website, or facebook, or had been given contact details through mutual friends. It made me even more determined to get back, I was actually being missed! Yes it's a virtual world, but it's the real people behind the accounts that are so lovely, and make it such a great community. I didn't care if I lost all photos, or nonsense bot followers, all my chances for commercial projects, as long as I could get back to my followers who genuinely like what I have to say and show every day.


What doesn't kill you makes you stronger

A few days later I decided this wasn't going to bring me down. What doesn't kill you makes you stronger. I'd be back. I wasn't sure yet how or when, but I was going to make a come back. Some said the forced break would do you good, but it didn't. I missed the Instagram world terribly. I had decided for myself I was not going to start anything new, until hubby's friend would tell me all is lost.


Instagram hand banner

The Process Through Official Meta Channels Took Time

It was two weeks later when hubby's friend let us know she received notification that they had 'picked up the case'. Oh Em Gee. Butterflies. But what does that mean? Overnight I received a standard email from Instagram saying: you've changed your email address. It was changed back to my own email address. Username still garble, but the email address was mine. They asked me to confirm my email, but obviously that didn't work. I had no password! Plus, it still said that funny username didn't exist! No instructions or anything. Useless. I was at a loss. It looked like progress, but now what?


Then I remembered that backdoor way of reporting a hack. I hoped that, because there was now an email address in the system that was mine, perhaps I would receive another automated email rather than the 'sorry nothing we can do' one. I submitted my details and yes! I received an automated email asking me for some more details, such as previous usernames, timing of hack, how it had happened etc. I submitted it thinking nothing would come of it, as I had read in so many other blogs. Or, I thought, perhaps I would be asked to submit one of those personal photo's holding a picture with a code. I couldn't ask our FB contact as it was the middle of the night on the other side of the world.


But then, very soon after, I received an email from Facebook, a proper one, in Dutch this time, that said: 'Thanks for verifying your identity. You're almost done with recovering your account.' And with instructions on how to log back in and adapt my account information. Were they for real? I was in the car and didn't dare trying on the mobile. I waited until I was back home and jumped on the laptop. Logged in and there it was. My account, fully in tact, with all my pictures and 27 thousand followers. As if nothing ever happened. Other than stats and concepts gone, everything was there. I was able to change the username back into my old one, changed a few details, changed my password and of course turned on the 2-step verification security measures.


Just like that, I had my hacked Instagram account back!

I was elated! Never did I think all my work would be fully recovered! I took a screenshot of my profile page to text to my friends, contemplating my first move back, thinking I would take my time to properly consider. But the news had already gone viral. My lovely online community picked up the news, ran with it, shared with all of their followers and celebrated together with me. It was as if I had come home again. The comments on my first post back were heartwarming and I cherish them so much. I also had the best sleep I had in weeks (after downing a bottle of wine).


The 5 Things I Learnt from Being Hacked on Instagram

Things I learnt from this ordeal are...

  1. Get your safety checks in order. Set up the 2-step verification. Change passwords. Don't have unnecessary log ins, or links to third party apps you don't even use. Don't click on dodgy links! Below I will give you 4 Ways to Avoid getting Hacked on Instagram.

  2. Don't pay hackers. They are c*nts.

  3. Instagram customer service is absolutely useless. I guess they can afford to lose a biggish account here and there. Truth is, they don't really care. I wonder what they had done though if Kylie Jenner lost her account.

  4. It's not what you know but who you know. Having an internal contact is absolutely gold. And in a case of a complete hack and takeover seemingly the only way to recovery when everything else seems a lost cause.

  5. My instafriends are real friends. And bloody good real friends. Humans made from flesh and blood. The support I received from fellow Instagrammers, some who I've met in person, and some I haven't, was simply overwhelming. My commercial partners willing to set up campaigns to help me get back on my feet. People providing me with log-in details of their cat's account to get back into Instagram (which I didn't by the way, but it's the thought that counts). It's a super nice community of which I am proud to be a part of.

It's not what you know but who you know.
Instagram log in screen - legs

4 Ways to Avoid getting Hacked on Instagram

It's not just me. There’s a wave of people getting hacked on Instagram lately. I somehow managed to get my account back but obviously prevention is better than cure. So what do you do?


1. Whatever you do, DO NOT click on sneaky links.

This is how most people get hacked on Instagram. These links come from anywhere and invariable ask you to log into Instagram. This should be an instant red flag as most of us would already be logged into Instagram on our devices (I should have known better).


These links can be sent in a variety of ways:

  • You could receive an email from a fake Facebook or Instagram email address. The email address you see that appears as the “sender” could be sneaky and fake. ALWAYS check the email address it is coming from by revealing the real email address (click on the email address or name you see as the sender to reveal the real address). Check my blog 'How do you know an email from Instagram or Facebook is a fake?' to verify whether an email from Instagram is real or not.

  • Fake brand collaboration (this is what happened to me). You might receive an email or DM from a fake brand (who appears to be legitimate). And they are inviting you to collaborate. They might send you a link to their Instagram account, website or for you to set up your profile on their “system”. If you are being asked to login with your Instagram account: Stop immediately. Always remember: Never log in.

  • Direct Message from a friend who got hacked

  • Fake Direct Message (DM) from an Instagram or Facebook account that pretends to be a real Instagram or Facebook employee or team. I receive these messages all the time: “We can help you get your account verified!” or “You have violated Instagram’s Rules and Policies. Your account will be disabled in 24 hours if you do not reply. Click this link now if you think this is a mistake”. NEVER click on their link. Instagram will NEVER send you a DM. Instagram will ALWAYS send you an email.

  • Clicking on a fake link. You could receive an email from a brand or person, with a link to click. The link might appear to be real. But links can be very easily faked. Here’s how to check if it is a real link: Right click on the link > Copy the link > Paste it in your Notes app > You will see what the link truly is. Sometimes, the text of the link in the email appears to be a real link like “https://instagram.com“. Or it can be a different word, like “Click here to see my account”. But in the “backend”, the link is actually something completely different. This tricks you into thinking it is a real Instagram link.

  • Playing games (and the game asks you to login to your Instagram account to play).


Example of an Instagram email scam
Example of an Instagram email scam

2. Update your Instagram email address and phone number

Go to your Instagram settings and make sure your email address and phone number are up-to-date. Your email address and phone number are how Instagram can contact you and send you information to get your account back. So make sure they are up-to-date.


3. Set up two-factor authentication

I cannot stress this enough. This would have made the difference for me. Two-factor authentication is a security feature that helps protect your Instagram account and your password. If you set up two-factor authentication, you’ll receive a notification or be asked to enter a special login code when someone tries logging into your account from a device that Instagram doesn't recognise.


To turn on two-factor authentication from the Instagram app:

  • Tap profile or your profile picture in the bottom right to go to your profile.

  • Tap more options in the top right, then tap Settings.

  • Tap Security, then tap Two-Factor Authentication.

  • Tap Get Started at the bottom.

  • Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of two security methods:

  • Login codes from a third party authentication app (such as Duo Mobile or Google Authenticator). Note: Two-factor authentication through an authentication app can only be turned on using the Instagram app for Android and iPhone.

  • Text message (SMS) codes from your mobile phone.

You'll need to have at least one of these set up in order to use two-factor authentication.


4. Beware of third-party apps that are NOT approved by Instagram

Not all third party apps are bad. Some are even quite useful. Just be selective in what you use and if you cannot verify its authenticity, and if they're approved by Instagram or not, ask yourself if you really need to use this app or not. If the answer is no, don't take the risk.


Forewarned is forearmed: Prevent Yourself from Being Hacked on Instagram

Two years ago I wrote my blog on how my Instagram account got hacked, and how I got it back from a cute AirBnb in Cabañal in Valencia, while we were house hunting for our own place in the Valencian country side. I had just about giving up ever getting my Instagram account back, and was reconsidering the future of my newly set up interiors business. Now, 2 years later, I am writing this blog from my finca in Vilamarxant, Valencia, the property we found on the very day I got my Instagram account back. Since that day, my Instagram account quadrupled in size, I got offered a job as a tutor with The Interior Design Institute, quit my career in the medical industry and grew my Instagram presence as interior influencer with commercial partnerships stretching from my home in The Netherlands to our paradise in Spain.


I realise I was very lucky and I am very grateful for the second chance I have been given. In the end I was only 'off air' for 2 weeks, but it felt like 2 years, accompanied with lots of stress and tears. And as I am now getting close to celebrating the magic number of 100.000 followers of my Instagram account I feel it's only fitting to give back to the community that has given me so much, by providing tips to prevent people from this heartbreak. Hopefully my story helps prevent a hack or two.

<