Skip to main content

Instagram begins testing new procedures to help users regain access to hacked accounts

Instagram begins testing new procedures to help users regain access to hacked accounts


Verification codes sent to the account’s original email address

Share this story

Photo by Amelia Holowaty Krales / The Verge

Instagram says today that it’s testing new features that might make it easier for people to regain access to accounts that hackers have overtaken, Motherboard reports. The news follows reports from users about losing access to their valuable accounts, as well as a separate Motherboard story about how some of these victims turned to white-hat (or well-meaning) hackers for help. Attackers often trick Instagram users into clicking a phishing link that requires them to enter their login credentials, which gives them access to the account. Once they’re in control, the hacker will change the account’s associated email address and phone number, which can make regaining access a nightmare.

Today, Instagram’s rolling out a test that will ask users to enter the email address or phone number linked to their account, or the ones they used when they initially signed up for the platform. Instagram will then send a six-digit code that’ll allow them to regain access. If a hacker has control over their email and phone number, too, an Instagram spokesperson tells Motherboard that, “When you re-gain access to your account, we will take additional measures to ensure a hacker cannot use codes sent to your email address [or] phone number to access your account from a different device.”

A code will be sent to the account’s original email address or phone number

This same process would protect people whose usernames were changed. In that same vein, Instagram says another feature that’s already available on Android will “ensure your username is safe for a period of time after any account changes, meaning it can’t be claimed by someone else if you lose access to your account.” This feature is coming to iOS now.


Hackers often want to gain access to an account to hold a prized username or influencer’s account for ransom. The company has previously mostly relied on a system that involved having hacking victims take a selfie in which they held up a piece of paper with a code that Instagram sent them. The idea is that human moderators can match their face up with the photo and verify they are who they say they are, but the system doesn’t always work. This new test doesn’t appear to be replacing that system, but rather augmenting it.