**If you landed on this post because you’ve had your Instagram account hacked, fill out this form + scroll to the bottom of this post for steps on what to do and who to contact to get your account back.**
I’m sharing my personal story of exactly how I had my Instagram account hacked, how you can avoid it and keep your account safe, what to do if your account is hacked, and my thoughts on Instagram’s need to provide better support for its creators.
On Friday afternoon, the unthinkable happened. My Instagram account @WTFab was hacked, and stolen right out from under me by Instagram hackers.
It’s basically every influencer’s worst nightmare—to have your Instagram account hacked. And while I take a couple precautions with my account like enabling 2-step verification and occasionally changing my Instagram password, I never actually thought it would happen to me.
The feeling of panic and nausea that swept over me when I received an email from the Instagram hackers telling me what had happened was so strong, I thought I might pass out.
Now, that might sound slightly melodramatic, but imagine working every day on your social media content, brand, and voice, and building your following over the last few years.
Imagine that all of that hard work and dedication has generated an income for you, and paid off in opportunities to partner with brands, experience restaurants, and trips, and build a community. Now imagine all of that is taken from you in an instant.
I hear it all the time on influencer podcasts and in discussions with my blogger girlfriends. Instagram is so important for our brands and our businesses right now because it’s so popular, but it could be gone tomorrow, so we still need to put time and energy into our blogs—the only platform where we truly own our content.
When we say this, or when I listen to industry leaders talking about it at events, there’s always the comforting caveat; “Now, I don’t think that’s actually going to happen anytime soon. But it could happen.” I was suddenly faced with the “could happen,” happening.
I’m sharing this story of getting hacked for a couple of reasons. I want other influencers to know exactly how this happened so that they can avoid getting their Instagram hacked.
And secondly, going through this experience made me realize how little Instagram cares about your account and helping you if you get hacked unless you’re Selena Gomez and someone is posting nudes of Justin Beiber from your account.
Since hackers have now found a way to bypass Instagram’s 2-step verification, and it is happening to other influencers right now at the hands of the same Instagram hackers, I hope that Instagram can rethink the type of support they provide. If they don’t, this type of extortion is only going to get worse.
How my Account was Stolen by Instagram Hackers
On Friday morning, I was trying to jam through a few emails that had been sitting in my inbox unattended to the last couple of days.
One of them was an email from a brand called Sheike, asking what my rates are for an Instagram collaboration (this is a real brand, and I found out later the hackers have been using several different brands and their Instagram names in these emails).
This is a really typical email that influencers receive daily. I scanned it quickly, clicked the link to Sheike’s Instagram page to check out their aesthetic, and responded back with my rates.
I was not brought to a login screen or asked to log into my Instagram account and enter my password and username (other influencers who received a similar phishing email were prompted to log in), but I was already logged into Instagram on my browser.
This was where the hack happened.
Here’s a look at the exact phishing email so you can be on the lookout for it and avoid it like the plague, as well as the three signs that I should have spotted and will now be paying close attention to in emails going forward:
The email address was [email protected]. This should have been a red flag to me, but I was hurriedly rushing through my inbox and I didn’t even look at the sender’s email.
While the Instagram link at first looked legit to someone rushing through their inbox, looking back on it I realize that Instagram links do not get shared in that format.
When you directly link to an Instagram photo, it looks something like this: https://instagram.com/p/BlgQs5dAsjZ/ when linking through the app.
Either way, the link in the email with the photo_135 is slightly off, and should have raised another red flag for me.
The URL when I hovered over the link
This is the most important part, and where the key learning lies.
If you look at the screenshot, the link looks like an instagram.com URL.
However, if I had taken the time to hover over the URL, I would have seen https://lindagram.ru/sheikeandco/ at the bottom left of my screen, which is obviously some phishing link.
A few hours later, I received the following email:
And that’s when the panic set in.
I immediately tried to open up Instagram to change my password but received a notification that I had been logged out of my account.
When I tried to log back in with my credentials, my username, email address, and phone number were all unrecognized and no longer associated with an Instagram account.
The hackers had changed everything associated with my account and log in, and there was no possible means of recovery. If I clicked forgot password, the new email address the hackers had set would receive the email. I was completely locked out.
I immediately texted a girlfriend of mine who works at Facebook asking for her help. She told me to send her screenshots and details so far, and she shared those in an internal Facebook group and created a security ticket asking for help as well.
It was a Friday afternoon, and not a single person responded. We texted back and forth, and as I stalled, the emails from the hackers started escalating, and I knew they would be threatening to delete my account shortly.
During this time I was also doing as much research as I could in the influencer Facebook group that I’m a part of, and I saw that this exact same thing was happening to other girls in the group too.
Some of them got lucky and had been able to recover their accounts by quickly changing their password before getting locked out.
Others, like me, weren’t so lucky and were asking for help and suggestions on what to do to get their account back.
I also started researching Instagram’s Help Center, which proved to be maddeningly useless.
There is absolutely zero support for someone who has been hacked. There is no one to reach out to, and their best advice if you’re unable to log in is to make sure you’re typing your email address or username correctly.
They do have a form you can fill out so that they can “hear about your experience” if you think you’ve been hacked and are still having trouble logging in. Not exactly helpful in a time of crisis.
I submitted my info to that form and never heard back.
And after posting about my experience on Insta Stories I had another blogger reach out and share that it took Instagram five weeks to help her get her account back after it was hacked. FIVE WEEKS.
When I think about the sponsored campaigns I’ve committed to over the next five weeks, and the $$ I’d lose out on if I didn’t have my Instagram account it makes me both sick and infuriated.
At that point, I decided to pay the ransom. Please note I don’t recommend doing this, as I’m hearing more and more of people paying the ransom and still not getting their account back.
They were asking for $800 and I was able to negotiate them down to $300. But they wouldn’t accept any form of payment other than Bitcoin (I tried to get them to agree to a wire transfer, and they gave me a half-complete address of a bank in Ukraine that wasn’t going to cut it).
They sent me a couple of websites like coinmama.com where you can make an account and buy Bitcoin, but in order to set up an account you have to get verified. I had to send photos of my driver’s license, photos of myself holding my driver’s license, and a written note with “coin mama” and the date on it.
I felt sick jumping through all these hoops just so I could send these hackers encrypted currency. But jump I did, and after sending all those photos I received an email saying that my account would be verified within 24 hours. 24 hours??
I tried to explain to the hackers that I was waiting to get verified, but they were growing impatient and more threatening. I was getting panicky again, and I just wanted all of this to be over.
I had the idea to call my cousin, whose husband is super knowledgeable about Bitcoin, to ask if he could send $300 worth of Bitcoin to the hackers on my behalf. This led to a four-way call with my cousin, her husband, and his friend who had Bitcoin readily available (shout out to Greg for comin’ through and helping a stranger out!!).
Once the Bitcoin was sent, the hackers said I’d have my account back in 30 minutes. I waited. An hour passed. Two hours.
I kept following up with them asking what was taking so long, but they had suddenly gone dark. Their original email said they would give me my account back within 10 minutes of payment.
What was going on? Had they lied and already sold my account off to someone else? Did they screw up because they’re amateurs and they’ve already lost and deleted my account?
I knew they had given other girls their accounts back once they had paid, but did they just randomly decide to screw me over?
I tried to be patient, but these thoughts were bouncing around and my intense anxiety grew with every minute that I didn’t hear back from them. Omied and I played Uno for like an hour to try to take my mind off of this horrible situation.
Finally, four hours later at 12:30 am, they sent me my log-in information and I was able to regain access. Praise be.
What to do if you’ve had your Instagram account hacked
If your account has been hacked, fill out this form (also embedded below), and then you’ll be able to contact Juan. Let him know that Elise/@wtfab referred you.
Juan has helped dozens of my blogger friends get their accounts back, and I just wish I knew about him and his services before my hacking incident occurred so he could have helped me.
I paid my hackers because I didn’t know about Juan at the time, but I strongly advise against this because more and more I’m hearing about people paying their hackers and still not getting their accounts back. At least if you pay Juan, you’ll know he’s only going to charge you if he can successfully recover your account and get your account back. Once you fill out the form you’ll receive a link to his website with his contact info as well as testimonials from other people he’s helped.**
Please do not message me asking “if Juan is really legit.” Sadly I receive many of these messages a day because so many people get hacked, and I can’t keep up with responding to them. Yes, he is trustworthy and has helped a lot of my friends recover their accounts. The best way to get in touch with him is to fill out the form and then send him a message on WhatsApp.
Save your handle.
For a couple of years my handle on Instagram was @wtfab1 because some abandoned account with a couple of photos had @wtfab. When I saw they had finally deactivated their account, I was so excited to scoop up @wtfab and ditch the “1.”
The way these hackers worked was that once they got into your account, they changed your username to something with a bunch of random numbers at the end (mine was wtfab_1809r) and deactivated it so that you wouldn’t be able to find it (note that deactivating your account is not the same as deleting it, because you can reactivate it).
Since my account had been changed to @wtfab_1809r, @wtfab was no longer a profile and could have been up for grabs if someone happened to want it.
So I set up a separate Instagram profile with my personal email address and took the handle @wtfab, so that no one else would be able to.
After the hackers gave me my original profile with the new @wtfab_1809r handle, I was able to change my @wtfab handle to @wtfab1235 so that my original profile could go back to @wtfab. Hallelujah.
Fill out the Instagram hack form
*This has been updated since my account was hacked years ago. When my account was hacked, there was no hacked account form to fill out for Instagram.
These days, there is there is an Instagram hacked account form you can fill out here. Part of the process may include submitting photos of yourself or a video selfie to prove your identity.
Once you’ve filled out the Instagram hack report form, you’ll get an automated message and hopefully hear back from their support team.
Report the URL to Google
Google has a site where you can report phishing sites here.
Key learnings to avoid having your Instagram account hacked in the future
Have 2-factor authentication on. Have 2-step verification on for all of the things. While it didn’t help in this case (the hackers didn’t need to send a security code because they stole my web browser session, where I was already logged into my Instagram account), you absolutely should have 2-factor authentication on to verify your identity.
Watch out for suspicious links. Be hyper-vigilant. Gone are the days when I’d try to breeze through my emails in an effort to get my unread emails number lower without paying serious attention to the sender’s email and all of the links (and links shown at the bottom of the screen when you hover over a link).
Do not log into your Instagram account from your web browser. If you’re trying to view Instagram content from your desktop, Instagram will require you to be logged in. Use a fake Instagram account instead.
After posting about this horrible experience on my Insta Stories I received so many DMs that were a combination of messages of support and commiserating. Many bloggers messaging me knew several other influencers who had also been hacked last week.
This. Is. SO. Messed. Up.
Feeling lost in the Instagram abyss while your whole digital brand flashes before your eyes is beyond sickening.
Instagram accounts predominantly get hacked by phishing links.
You can get your Instagram account back by hiring an angel hacker, who will retrieve your account for you.
Instagram is very slow to respond and they may or may not be able to help you get your hacked account back.
Looking for more business-related content? Find it here!
Elise Armitage is an entrepreneur and founder of What The Fab, a travel + lifestyle blog based in California. At the beginning of 2019, Elise left her corporate job at Google to chase her dreams: being an entrepreneur and helping women find fabulous in the everyday. Since then, she’s launched her SEO course Six-Figure SEO, where she teaches bloggers how to create a passive revenue stream from their website using SEO. Featured in publications like Forbes, Elle, HerMoney, and Real Simple, Elise is a firm believer that you can be of both substance and style.