How my phone was hacked through IG + How to stay safe

So many accounts on Instagram are getting hacked, it’s insane. I’m sure you’ve received weird messages with links enticing you to click, only to find out later that your friend was hacked and the hackers are trying to get you to fall for it too.

Did you know the purpose of hacking your IG account is to gain access to your cell phone, so they can hack your phone and access your personal banking info to steal your money? 

This past week my Instagram account was hacked, and through my account they were able to hack my phone to retrieve personal data. It was extremely stressful, draining, and frightening. My personal safety - through my phone - was compromised. People with the intent to harm and steal my money had access to me - all through a convincing ploy to get me to click (or share) a link sent to me directly by the Instagram two-factor authentication number itself. 

Seriously. This is happening to so many people. I never thought this would happen to me and even though I did take some precautions, I wish I had done more.

I’m sharing my story so that you can understand what’s going on and better know how to protect yourself. 

Here’s my best understanding of exactly what happened step by step: 

  • I received a message from an account that was hacked asking for help with something (I obviously didn’t realize it was hacked - it was a local store I shop at frequently).

  • Then I got a text message from Instagram, the short code number they use for two-factor authentication (99399) - Facebook uses the same number for two-factor authentication. My best understanding of how they did that was to create a program which triggers IG to send their message on their behalf from their official short code number. At that point they did not have my email or phone number, just that I was “following” the hacked account and could send me a DM. 

  • In that text message was some sort of short link. I know that hackers access your account through links and so I never click on them. 

  • I messaged the account back saying, “sorry I don’t click on links”. They said I needed to screenshot and send it to them. Because it was a message from the Instagram two-factor authentication number I wasn’t paying close attention and I sent it.

  • They were able to access my account and changed the email address associated with my account so that I was logged out and couldn’t log back in.

  • With access to my IG account they are able to send similar messages to my contacts to try and hack them as well. 

  • They also had access to my personal phone number connected to my account, because I had two-factor authentication set up. 

  • With my phone number they were able to hack my phone and see my personal data, including the saved passwords on my phone for about 30+ apps.

  • Two days after my initial IG hack, the local business I was hacked through told me the hackers' end game is to hack my phone and access my banking information. Both of the owners' phones had been hacked after their business account was compromised. 

  • I immediately looked under “Passwords” under “Settings” on my iPhone and it said there was a Data Leak with 30+ apps on my phone and I needed to change my passwords immediately. 

  • Thankfully my online banking app (TD) and my budgeting app (YNAB) were not compromised - although I changed the passwords to everything. 

  • Then I called my work and had my phone number changed asap in order to protect my new passwords and phone security. 

  • I removed most of the passwords + logins saved on my phone and stored them in an app called LastPass which is an encrypted password storage system. 


After going through this experience and making a ton of changes to how I store passwords, here are some tips on how to stay safe:

  • If you receive a strange message from an account you follow and you think it may have been hacked (even if it’s just a suspicion) BLOCK that account immediately. Double check with the person if you can outside of the app and confirm everything is okay. If it is, you can always unblock them easily. Blocking the hacked account will prevent them from sending you more messages. 

  • Never click on links or send screenshots of links. They can still hack you with the link if they can read it off a screen, even if you didn’t click it. 

  • Don’t trust any strange links even from IG’s two-factor authentication text messages. They will only use that to send you CODES to log in to your account. They will not send you links to click. 

  • If you’ve been hacked, or even if you haven’t, look under Passwords in Settings on your phone. See if there are any security recommendations flagged. I had some that specifically said “data leak” or some that said “under risk”. 

  • I suggest not storing ANY passwords on your phone itself. If your phone is hacked they are able to be seen and retrieved easily. Instead use an app like LastPass which encrypts your passwords, generates passwords for you, and makes it essentially impossible to hack. You can use it on both your phone and computer, and the free version is enough to stay safe! All you need is 1 master password to gain access to your vault (LastPass itself won’t even know your master password). 

  • If your IG account has been hacked, or you suspect your phone has been hacked, I recommend changing your phone number to stay safe and prevent the hackers from accessing your phone’s data. Changing my number was easy, and yes it’s a bit of work but so worth it. 

  • I also have a setting in Safari on my iPhone that blocks my IP address from websites trying to track me. After I was hacked it recorded 97 attempts to track my IP address. The day before my hack the number was zero. Look into setting up something similar on your phone if you can.

I’m not a techy person and I may have some technical details wrong or misunderstood here, but the point is: people are actively trying to access your personal data to steal your money (or whatever other nefarious goal). It’s scary. It’s invasive and evil. And in order to stay safe, it’s possible to take some simple precautionary measures. 

Let’s stay safe out there friends. 

