Security Checkup guides potentially hacked people through the steps needed to secure their account. Some of these steps include checking account login history, reviewing profile information, checking the accuracy of accounts with which account login information has been shared, and updating the contact information needed to retrieve the account, such as phone number, email address.
Instagram also shared some tips to help people keep their accounts secure:
• Use two-factor authentication: You can use two-factor authentication with your phone number or with apps like Duo Mobile, Google Authenticator.
• Instagram will never send you a Direct Message: Malicious accounts can send you a Direct Message to access sensitive information such as account passwords. They may say that your account is at risk of being terminated, that you are not following Instagram’s intellectual property policies, or that your photos have been shared elsewhere. Instagram will never send you a Direct Message. If Instagram contacts you about your account, you can see it in the “Emails from Instagram” tab in settings.
• Report content and accounts you find suspicious: You can report content directly on its profile by clicking the three dots in the upper right corner of the post, tapping on a message, or visiting the account itself.
• Activate login request: When you use two-factor authentication on Instagram, you’ll get a notification when someone tries to log into your account from a device or browser that Instagram doesn’t recognize. This notification informs you from which device the login is attempted and the location of the device. You can instantly approve or deny this request from devices you are already logged in to. You can also view the list of devices that were last logged into your Instagram account at any time under “Settings”, “Security”, “Gestures”. If you don’t recognize a recent listing, you can log out from that location or device and let Instagram know it’s not yours.