Image of Cherie, blog author


We shared on our Instagram account recently that in early December our TDP Instagram account got hacked, and myself and our Studio Manager went head to head with people who were actively trying to get the account off of us.

*an important n.b? When I say “myself and our Studio Manager went head to head with people who were actively trying to get the account off of us”, I mean … Katie did all the grunt work, and I was just whelping into the phone > being mostly utterly useless, and saying things like, “it’s gone Katie, it’s f*cking gone”. #lol 

The thing is though, we [read: Katie. #lol] got our account back, but jay-sus my [read: Katie’s. #lol] adrenals were cooked afterwards, and I [again, Katie] was a legitimate anxious mess.

That same week? We saw multiple accounts going up against attempted hackers, and for some? They lost it entirely and received the dreaded flipping email from those holding the account to ransom [from Turkey] and asking for xyz amount of dollars in exchange for their account returned etc.


So what worked for us? Well, it’s everything I teach the majority of workshop attendees who’ve sat in a TDP workshop [in-person, or virtually], and so I thought I’d hop on to our blog today with a 3-important-parts to this here one blog post on;

  • What to do if your Instagram account is hacked
  • What to do to avoid getting hacked in the future, and
  • Lessons we can all take from the threat of a social platform hack



Let’s kick off with step one, which is what to do if your Instagram account is hacked


So, this is the most horrifying part [and it really is the sickest feeling], and I’m coming at this as if you’re still at that point where you [and your potential hackers] might still have dual access to the account [i.e you’re both in there].

If that’s you, you’ll need to;

  • Change your password.  Like, quick [it really is a race against time in this situation].
  • Send yourself a password reset email
  • Set up 2-factor authentication [if you reach this point, it’s most likely you’ll regain control of the account … as opposed to the hackers]
  • If you reach this point, your hackers will likely lose access to the account … and you’ve won [‘grats!].


If you’ve well and truly been hacked, there’s [unfortch.] not a lot you can do other than reach out to Instagram’s support centre [good luck, it’s an 87 year long wait.  It’s horrifying] … or pay the hackers to have your account returned to you [might be time to look into cyber insurance etc.].


Now let’s focus on step two, which is how to avoid your Instagram account getting hacked


So, this is the stuff I teach in most [basically, all] TDP workshops [i.e it almost always comes up in conversation] … because you think this sh*t won’t happen to you, but it does [and did happen to me way back when I was managing a massive eComm account for a large online fashion retailer].

It was a juggernaut Instagram account that I was managing solo [on behalf of my client], and on Sunday morning at 5am? … we got hacked [I went head to head with that hacker, and did regain control of the account … but my nerves were shot for a good 3-4 weeks afterwards, and I made a big switch to putting measures in place to ensure that would never happen again].

Here’s what I recommend to similarly avoid getting hacked;


  • First and foremost? When you’re signing up to Instagram, everyone [like, everyone] puts in their hello@ or info@ or cherie@ emails as the login email, and guess what? … that’s so easily f*cking guessable to a hacker, which means 50% of the hacker puzzle is figureout’able [i.e those emails are – quite literally – on your website!].  You need a random email to be able to attach to the account, which could even be a gmail email etc.  Whatever.  It doesn’t matter.  So long as it’s you who has access to the email, and it’s not easily guess’able and most definitely not on your website.


  • Then? You’ll want to update your Instagram password quarterly [and restrict how many people have access to that password.  Nothing personal, it’s just business].  This is almost awkward, but if a TDP team member moves on from TDP? The first thing we do is change all social media passwords.  Again, nothing personal … just business [and also #cybersecurity].


  • The next important thing you’ll need to do is minimise how many people have access to your Instagram account, so for those who have a team/s … really think about how many people honestly need to touch the account, and if you can reduce that number? You significantly reduce your risk of being hacked.  For TDP, we have no more than x4 team members with access to our Instagram account.


  • This next piece of advice is controversial, but if you’re really wanting to avoid being hacked? Have 2-factor authentication on.  Not many people do this, because it then means you can’t schedule your Instagram content via 3rd party scheduling programs [and believe me, I am all about reducing the amount of time you’re on your phone].  So I’ll leave this decision with you [because it can only be decided on by you and you only], but I can honestly say that when you turn 2-factor authentication on? Your risk of being hacked is reduced by a statistic I could only guess … but that I know would be a lot.  [FYI? TDP currently has 2-factor on because of aforementioned near-IG-account-hack, and I am hating our inability to now schedule content in advance … but am loving that much more secure feeling].


  • Finally? Don’t assume you won’t be hacked.  You genuinely think it won’t happen to you, and when it does? … you’re not prepared > your anxiety floods > you haven’t got a plan in place > you don’t have a “if we lose our IG account, what steps should we take next?” plan, or a “how will our business be impacted by the loss of our IG account?” plan, or – more solidly – digital marketing efforts in place elsewhere to ensure you’re not financially destroyed should you lose what might potentially be your number one driver of website traffic / sales conversions / etc.



And now? Let’s focus on the final consideration, which is focusing on the associated lessons from a social platform hack [or near-hack]


At this point in time, it goes without saying that [on this occasion] we didn’t lose our account [but nothing on social media is guaranteed.  Nothing], and so I’m focusing again [like any good strategist] on reminding myself to build strength around not just one platform [Instagram, for example].

For us, we’ve done this from the day TDP began … and I genuinely think so many people would think our no. 1 driver of website traffic / social conversions is Instagram, but honestly? It’s not.  Not even close.

In order of preference, it goes like this;

  • EDM’s
  • Facebook [paid]
  • Facebook [organic]
  • LinkedIn
  • Google Ads
  • Instagram
  • Instagram stories


And I’m sharing this mild to moderately sensitive data with you, because I want you to know that whilst I just about vomited at the thought of losing our IG account … it wasn’t going to be a business ending experience [as you can see above, IG comes in last for TDP].

Actually, the reason for my panic was the sentimental value our Instagram account holds to me, i.e the [very heavily documented] journey of my company’s rise and rise [FYI? To tackle the sentimentality issue, I now have a document with all images and all posts shared in our TDP lifetime, should we – for any reason – lose access to our account].

So I’d implore you to research what drives the majority of the stuff your business needs to keep your business in business [for us? That’s our email marketing strategy, and Facebook], and subsequently build strength around that.

From there? Try to build diversity within that mix so that you’re not in the dreaded danger zone of “all eggs in one basket”.  Perhaps it’s that I’m married to someone who manages risk for a living, but an “all eggs in one basket” approach makes me s.w.e.a.t.



Has this been helpful?

Is there anything I’ve left out?

Got a hack’y story of your own to share? Share it in the comments below.