Things you must do after restoring access to a hacked account
Like any other account, your Instagram can never be 100% protected from hacking. Skillful hackers crack the most powerful systems, but despite this, users continue to set short passwords and do not enable two-factor authentication, naively believing that this will not affect them.
It is worth remembering that hackers may need any profiles, including yours. Even if it is almost empty and you don't mind losing it. Other people may be harmed due to your negligence in protection.
There are cases of non-obvious hacking, when a scammer only needs to send mail on your behalf and leave you alone with it. It is easy to notice it in the directive, but in the comments to other people's posts it is almost impossible if no one likes and answers them. This is what the scammers rely on, who enter and leave someone else's profile, leaving it unchanged. This will showcase a real person with your life and make spam seem more convincing.
After you have managed to log into your account, first of all, end all sessions from other devices, and then change the password. Add symbols and special characters if not enough. Enable two-factor authentication to make your hacking attempt less successful.
After that, it's worth checking the direct. Perhaps the hacker did not neglect the opportunity to leave his traces there, believing that you will not notice. Don't leave it as it is, write to everyone that this is a mistake and you will be hacked. If the message contains a link, then it is more likely to be phishing, and in no case should it be opened.
As for the comments, it is getting more difficult here. To see your replays, you will have to use third-party services. For example, the Instashpion service is designed to track likes, comments and subscriptions of the selected profile, but it can also show your latest actions.
The most problematic is to quickly restore access to your account and notify your friends and acquaintances about the danger. Phishing aims to hack profiles through suspicious links. For some "tricks", only ten minutes are enough. If someone has already followed such a link, then advise him to complete all operations from other devices as soon as possible and change the password to a more complex one.
In the end, it's best to post that you've been hacked and don't follow the links. Smart people will first check to see if there are any such warnings from the person.
In summary, the most important thing in this situation is not to ignore it. Even if you escaped with small losses, in fact the scale of the tragedy can be colossal. Hackers never return profiles just like that.