Quick Facts
  • When you post a photo or video on Instagram, it will be displayed on your profile. 
  • Instagram is a great networking tool, but can be exploited to access private photos, geo-locate, delete photos, edit comments and post new photos. 
  • An Instagram account can be directly linked to a Facebook account. 
  • Using hashtags on Instagram posts will enhance a user’s engagement. A hashtag improves user’s chances of having their photo seen by other users who do not directly follow them. 

  • Don’t post information, photos or videos you wouldn’t want made public. 
  • Always use strong and unique passwords. 
  • Enable personal verification as a tool if you forget your password. 
  • Do not allow access to 3rd party apps that may collect your information. 
  • Keep backups of your posts if they are important to you or your business. 
  • Unfollow or block those that threaten your wellbeing. 
  • Disable geolocation on posts, tailored ads and others ability to tag you in photos. 
  • Use a “link checker” service to ensure all links are safe before clicking! 
  • Use private accounts so that only those who you permit can see your content. 

Detection & Response 
  • Your account is leaving comments or sharing things that you haven’t posted. 
  • Without acting, your account starts to follow people you don’t know and also like their images. 
  • There are images on your account which you KNOW aren’t yours. 
  • You don’t have access to your account anymore and you are 100% sure that you’re using the right password and it’s not a technical glitch. 
  • If your registered Instagram account email was changed, there should be an email from Instagram confirming that you’ve changed your email. 
  • Click the link attached to the email to revert your account back to the original email address. 
  • If you don’t have this email, do a passwordreset to reset the password to your original emailaccount. 
  • If you don’t get this email reset your password then report your account as being compromised to Instagram. 
  • Inform Instagram immediately if your account has been compromised by going to their Help Centre (see https://help.instagram.com). 

For more information on social media security. Please see our other Social Media Fact Sheets


Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. We are a not-for-profit charity.

  • The Services provide do not constitute legal advice. IDCARE recommends that you consult a solicitor in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the information in this product or service, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limitation liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in course of providing the Services.
  • The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document or service and IDCARE will not be liable to any other person who may receive this document.

While every effort has been made to ensure the accuracy of the information in this alert, IDCARE disclaims any liability to any person in respect to any actions performed or not performed as a result of the contents of the the Services or any accompanying data provided. Wider dissemination may be permitted by authority in writing from IDCARE’s Managing Director. If you would like to provide feedback please use our Feedback Form.

Other fact sheets

Our Fact Sheets offer important information on how to prepare, prevent, detect and respond to Identity theft and other cyber related issues.
Linkedin Security

LinkedIn is a social tool for individuals interested in developing their professional network.

view fact sheet
Employment Scams

Employment Scams are designed to recruit unsuspecting individuals to launder money.

view fact sheet
Understanding Ransomware

Ransomware is a form of malware (a virus) that encrypts files.

view fact sheet


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   
Call Centre Icon


1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA08 7078 7741

Call Centre Icon

call our NEW ZEALAND

0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440