Today, we’re launching Security Checkup, a new feature to help people keep their Instagram accounts secure. Security Checkup will guide people, whose accounts may have been hacked, through the steps needed to secure them. This includes checking login activity, reviewing profile information, confirming the accounts that share login information and updating account recovery contact information such as phone number or email.
Security Checkup is another way that we are working to keep Instagram accounts as secure as we can. But there are several other steps that we recommend everyone also take to make their account even more secure:
Enable two-factor authentication
We strongly recommend enabling two-factor authentication. If you’re using WhatsApp, in the coming weeks you will be able to protect your account using your WhatsApp number in certain countries. Alternatively, you can enable two-factor using your phone number, or an authenticator app like Duo Mobile or Google Authentication
Update your phone number and email
Make sure that the email and phone numbers associated with your device are up to date. That way if something happens to your account, we can reach you. These steps let you recover your account even if your info has been changed by a hacker.
Instagram will never send you a DM
Over the past few months, we’ve seen a rise in malicious accounts DMing people to try and access sensitive information like account passwords. They may tell you that your account is at risk of being banned, that you are violating our policies around intellectual property, or that your photos are being shared elsewhere. These messages are often scams and violate our policies. Instagram will never send you a DM. When we discover these kinds of scams, we take action against them. But we also encourage you to report the content and block the account. We’ve sent notices at the top of people’s Inbox to warn them about these messages over the past 2 months. If Instagram ever wants to reach you about your account, we will do so via the ‘Emails from Instagram’ tab in your settings, which is the only place you will find direct and authentic communication from us on the app.
Report content and accounts you find questionable
While we are always improving our technology to combat new trends and techniques that hackers and spammy accounts may use, you can also report individual pieces of content to us by tapping the three dots above a post, holding on a message, or by visiting an account and reporting directly from the profile.
Enable Login Request
When you set up two-factor authentication on Instagram you’ll receive an alert whenever someone tries to log in to your account from a device or web browser we don’t recognize. These alerts will tell you which device tried logging in and where it’s located. You can approve or deny the request immediately from your already logged in devices. You can also view the list of devices that have recently logged into your Instagram account at any time under “Settings,” “Security,” “Login Activity.” If you don’t recognize a recent login, you can log out of that location or device and let us know that the login wasn’t you
Accounts that impersonate others, use their verification status to hack and target people, or generally conduct spammy behavior with the hopes of misleading people on Instagram break our rules. We are constantly improving our technology to find and stop this behaviour.
We’ve also made significant updates to our Support Inbox, so you can find out the latest information about what’s happening with your reports, or find out if any of your posts are violating our policies. This includes being able to easily see the status of everything you’ve ever reported on Instagram, see what posts of yours may have broken our rules, and how to appeal those decisions. From there you can find much more information on the status of what you’ve reported to us.