Can a hacker permanently delete my Instagram account?

An attacker can request deletion, but Instagram holds accounts for 30 days before permanent removal. Filing a recovery request within that window can reverse the deletion, so act quickly rather than assuming the account is gone.

How long does Instagram account recovery take?

Self-service recovery usually takes 1–3 days. Complex takeovers where the email and 2FA were both changed can take longer; specialist help can shorten it to roughly 48–72 hours by working through verified support paths.

Instagram support isn't responding — what now?

Resubmit the form from a known device, keep every confirmation email, and avoid creating duplicate reports (they reset your place in the queue). If your account is monetized, a service like Locket Security can escalate through trust-and-safety contacts.

Account Recovery

How do I recover a hacked Instagram account?

By Bridget · Updated May 2026 · Reviewed by Locket Security Team

★

★ the short answer

To recover a hacked Instagram account, first secure the email tied to it and change that password. Then use Instagram's “My account was hacked” flow from the login screen to request a recovery link or verify your identity with a video selfie. Lock connected apps and turn on 2FA the moment you regain access.

How do I know my Instagram account was hacked?

You've likely been hacked if you get a login or email-change alert you didn't request, your password suddenly stops working, or friends report DMs and posts you never sent. Instagram emails every security change to your original address — check that inbox before assuming you're fully locked out.

Act on the “your email was changed” notice fast: it contains a “revert this change” link that's only valid for a short window. Clicking it can undo the takeover before the attacker finishes locking you out.

What should I do in the first hour after being hacked?

In the first hour, secure the email address connected to Instagram — change its password and turn on 2FA there first. Then attempt Instagram's recovery flow. Securing the email matters most: if the attacker still controls it, they can reset your Instagram password again the moment you regain access.

How do I use Instagram's hacked-account recovery form?

From the login screen, tap “Forgot password?” then “Need more help?” to reach “My account was hacked.” Instagram emails a recovery link or asks for a video selfie to confirm your identity. Submit from a device and Wi-Fi network you've used with the account before — it speeds approval.

If you have a verified or business account, you may also have access to Meta's dedicated support channels. For business accounts, check whether the account is linked to a Meta Business Suite or Facebook Page — recovery sometimes runs through there.

How do I lock the account back down after recovery?

Once you're back in: reset the password to something unique, switch 2FA to an authenticator app (not SMS), review and remove unknown logged-in devices and connected third-party apps, and confirm the email and phone number on file are yours. Save new backup codes somewhere offline.

★

★ quick steps

Recover a hacked Instagram account

1
Secure your email
Change the password on the email tied to Instagram and turn on 2FA there before anything else.
2
Open Instagram's recovery flow
On the login screen tap Forgot password → Need more help → My account was hacked.
3
Verify your identity
Submit a video selfie or recovery code when prompted, from a device you've used with the account.
4
Re-lock the account
Reset the password, enable authenticator-app 2FA, and remove unknown devices and linked apps.

Frequently asked

: An attacker can request deletion, but Instagram holds accounts for 30 days before permanent removal. Filing a recovery request within that window can reverse the deletion, so act quickly rather than assuming the account is gone.
: Self-service recovery usually takes 1–3 days. Complex takeovers where the email and 2FA were both changed can take longer; specialist help can shorten it to roughly 48–72 hours by working through verified support paths.
: Resubmit the form from a known device, keep every confirmation email, and avoid creating duplicate reports (they reset your place in the queue). If your account is monetized, a service like Locket Security can escalate through trust-and-safety contacts.

Sources

Instagram Help — Hacked Accounts

Want a human in your corner?

Locket Security helps creators recover, lock down, and protect every account they monetize — without the enterprise jargon.

See how Locket helps ★

Two-Factor Authentication★ Start here

How do I turn on 2FA for Instagram?

Two-factor authentication is the single biggest thing standing between a creator and an account takeover. Here's the exact path to switch it on the right way.

Low priorityRead guide →

Account Recovery★ Start here

How do I recover a hacked TikTok account?

What to do when you lose access to your TikTok — the exact in-app report path, how to verify ownership, and how to keep the attacker from coming back.

High priorityRead guide →

Scams & Impersonation★ Start here