Instagram Security

<  Back to Fact Sheets
Instagram Security

Instagram is a social networking app made for sharing photos and videos from a smartphone/device. Similar to Facebook or Twitter, everyone who creates an Instagram account has a profile and a news feed. Other users who follow you will see your posts in their own feed. 

Quick Facts
  • When you post a photo or video on Instagram, it will be displayed on your profile. 
  • Instagram is a great networking tool, but can be exploited to access private photos, geo-locate, delete photos, edit comments and post new photos. 
  • An Instagram account can be directly linked to a Facebook account. 
  • Using hashtags on Instagram posts will enhance a user’s engagement. A hashtag improves user’s chances of having their photo seen by other users who do not directly follow them. 

  • Don’t post information, photos or videos you wouldn’t want made public. 
  • Always use strong and unique passwords. 
  • Enable personal verification as a tool if you forget your password. 
  • Do not allow access to 3rd party apps that may collect your information. 
  • Keep backups of your posts if they are important to you or your business. 
  • Unfollow or block those that threaten your wellbeing. 
  • Disable geolocation on posts, tailored ads and others ability to tag you in photos. 
  • Use a “link checker” service to ensure all links are safe before clicking! 
  • Use private accounts so that only those who you permit can see your content. 

Detection & Response 
  • Your account is leaving comments or sharing things that you haven’t posted. 
  • Without acting, your account starts to follow people you don’t know and also like their images. 
  • There are images on your account which you KNOW aren’t yours. 
  • You don’t have access to your account anymore and you are 100% sure that you’re using the right password and it’s not a technical glitch. 
  • If your registered Instagram account email was changed, there should be an email from Instagram confirming that you’ve changed your email. 
  • Click the link attached to the email to revert your account back to the original email address. 
  • If you don’t have this email, do a passwordreset to reset the password to your original emailaccount. 
  • If you don’t get this email reset your password then report your account as being compromised to Instagram. 
  • Inform Instagram immediately if your account has been compromised by going to their Help Centre (see 

For more facts of social media security please see our other Social Media Fact Sheets


Identity Care Australia & New Zealand Ltd (IDCARE) provides identity and cyber security incident response services (the Services) in accordance with the following disclaimer of service:

IDCARE is Australia and New Zealand’s national identity and cyber incident community support service. We are a not-for-profit charity.

  • The Services provided do not constitute legal advice. IDCARE recommends that you consult a solicitor in relation to your legal rights and obligations, including but not limited to your legal rights or obligations under Australian and international privacy and data protection laws.
  • While every effort has been made to ensure the accuracy of the information in this product or service, to the maximum extent permitted by law all conditions, terms, representations, and warranties (in each case, whether express or implied) in connection with the provision of the Services which might otherwise be binding upon IDCARE are excluded.
  • IDCARE’S liability for any loss or damage suffered by any person or organisation (including, without limitation, any direct, indirect or consequential loss or damage) arising out of or in connection with the Services (including without limitation liability for any negligent act or omission, or statement, representation or misrepresentation of any officers, employees, agents, contractors or consultants of IDCARE) shall be limited to the fees paid by you to IDCARE in respect of the Services. For the avoidance of doubt, this limitation of liability extends to any liability arising from any actions performed or not performed as a result of any recommendations made in course of providing the Services.
  • The Services provided by IDCARE are intended to be provided solely to the initial recipient of this document or service and IDCARE will not be liable to any other person who may receive this document.

While every effort has been made to ensure the accuracy of the information in this alert, IDCARE disclaims any liability to any person in respect to any actions performed or not performed as a result of the contents of the the Services or any accompanying data provided. Wider dissemination may be permitted by authority in writing from IDCARE’s Managing Director. If you would like to provide feedback please use our Feedback Form.


IDCARE is here to provide you with specialist support and guidance when faced with a cyber and identity related issue. Contact one of our Identity & Cyber Security Case Managers to learn more about our Support Services and how we can help you.   

Get help

Submit a web request

Call Centre Icon


1800 595 160

Mon - Fri: 8am - 5pm AEST

QLD: 07 3555 5900
ACT & NSW: 02 8999 3356
VIC: 03 7018 2366
NT, SA & WA08 7078 7741

Call Centre Icon

call our NEW ZEALAND

0800 121 068

Mon - Fri: 10am - 7pm NZST

AKL: 09 884 4440