
Is Instagram safe? Here’s what the experts say

Concerned about how secure Instagram is? You’re not alone. Like all social media platforms, its terms and conditions are fairly long reads and full of technical language, which makes it hard to know quite what you’re signing up to.

To help give you an idea of the potential perils and protections on Instagram, we reached out to some security experts to see what they think of its data policies and whether it does enough to protect its users from hackers.

What is Instagram?

Instagram is an image-based social network that came onto our screens in 2010, racking up an impressive 25,000 users in just one day. By 2012, the app had been bought by Facebook, and since then it has continued to grow an audience of young and old alike.

Since its humble beginnings, there have been questions about the safety of Instagram and whether the app is doing enough to keep its users’ data and personal information safe.

In one of its most recent updates, Instagram brought in a feature that allows users to set up two-factor authentication, allowing them to be notified if an unfamiliar device tries to log into their account. But is it too little, too late?

What are the dangers of Instagram?

Some of the dangers of Instagram include hackers, phishing profiles and potentially damaging content posted to the site. Right now, Instagram has few ways to tackle these problems.

“Whilst apps on your smartphones can be fun and engaging, people must make informed decisions about how much they’re willing to share online. We entrust so much valuable personal data to social media platforms, such as addresses, payment information and photos, that people must take their online privacy seriously,” David Emm, Principal Security Researcher at Kaspersky, told Trusted Reviews.

“Regardless of the platform that people are using and irrespective of any specific vulnerabilities identified, people need to develop the same security processes to reduce the risk of an attack on their device,” Emm goes on to say.

According to Emm, one of the most common methods criminals use to obtain access to social network accounts is via phishing.

Phishing is a popular type of online scam where criminals impersonate legitimate organisations, either using social media or other platforms, to steal sensitive information. Phishing profiles can also come in the form of accounts that look like they belong to a normal person. Many people on Instagram have had their own profile copied in an attempt to trick their followers into interacting with the fake account.

“In many instances, Instagram users themselves are the vulnerability that hackers are looking for: they give out their credentials by entering them into phishing websites, uncertified apps and fake web pages. Due to its popularity, Instagram has always attracted a high amount of fraud – the number of people using the platform is now more than a billion.

“Once a criminal has hacked into a user’s account, they can access that user’s personal data and their correspondence. And the user’s profile can be turned into a source of malicious content, phishing and spam,” Emm explained.

What protections does Instagram have?

Instagram has been much slower on the uptake than the other social media sites, introducing a Security Checkup feature and Sensitive Content Control feature within the last month.

The more meaningful of the two, the Security Checkup feature, sets up two-factor authentication, which means a user has to link a trusted phone number or a third-party app to their account to limit other people from getting into it.

“This is a welcome and long overdue addition to Instagram. It has lagged behind its peers in terms of a security model and has been the victim of some high profile security compromises (such as abuse of direct messages in 2020). Adding two-factor authentication is something all cloud services should offer as a standard, so this is a welcome step by Instagram,” Tom Gaffney, Security Consultant at F-Secure, told Trusted Reviews.

Kaspersky focuses on cybersecurity solutions and services, including keeping people’s personal data safe on social media.

“Instagram’s popularity makes it an attractive target for criminals and their recent launch of the ‘Security Checkup’ feature will certainly help guide people to secure their account and help those whose accounts may have been hacked to recover them. However, this won’t stop the problem entirely,” Emm went on to say.

Users now have the option of setting up two-factor authentication for their profiles. However, some experts claim that this still isn't enough to protect people's data.

Two-factor authentication will also, unfortunately, have no impact on people who choose to impersonate others on the platform, as pointed out by Gaffney from F-Secure.

“As there is no external checking on who sets up accounts, there is nothing Instagram can do to stop users from creating bogus accounts using other people’s names. The only recourse for those who have accounts created in their name is to monitor them and alert Instagram directly,” Gaffney explains.

What further actions should users take?

Kaspersky’s Principal Security Researcher suggested that users need to take control of their accounts, warning that people shouldn’t click on suspicious links and always use the official Instagram app from the official app store, such as Google Play for Android and the App Store for iOS.

“To take control of their digital identity, all consumers must be vigilant about the information they share with online organisations, review privacy settings and make sure to use strong, unique passwords and two-factor authentication on all digital services. Reviewing cookie policies is also important, to ensure you are not sharing more data with companies than you would like to,” Emm told Trusted Reviews.

F-Secure builds detection and response solutions and offers cybersecurity services to businesses and individuals, and its Security Consultant Gaffney suggested that users need to do more to keep their data safe.

“Apart from enabling two-factor authentication, users should use a strong password for their account and should have a separate password for each service e.g., Facebook, eBay, Amazon etc. If creating strong separate passwords is tough, consider using a password manager,” Gaffney explained to Trusted Reviews.

“Users of Instagram should also review their privacy settings, and limit undesirable or harmful comments by restricting what you post and who can message you. So they should also check your followers and consider setting their posts to private.”

Another way to keep yourself safe on the app is to make sure you never send your personal information to anyone over the app, especially someone you don’t know.

Also, check the URL in the address bar and make sure you’re not clicking on a fake link that looks realistic, such as ‘’ or ‘’ instead of ‘’. If you’re worried, it’s best to type in the address yourself.

Instagram gives users the choice of setting up two-factor authentication with either a mobile number or through a third-party app.

Why should you enable two-factor authentication on Instagram?

It’s still a newer feature on the app, but the experts are encouraging everyone who uses Instagram to make sure they’ve taken the time to set up the authentication.

“Two-factor authentication is one of the best security developments in recent years. Everyone from your bank to your favourite shopping sites, and all the big social media companies like Google and Facebook offer it to keep your account safe,” Gaffney claims.

“Two-factor authentication means you nominate another trusted communication channel to your account, usually a phone number or email address. When the cloud entity sees “suspicious” activity, like logins from a different device, location, email or mobile number, they can send an authentication code to your trusted number/device.”

It’s also important in preventing attacks on your account.

“Two-factor authentication comes into play when a company you’ve created a login with gets hacked, or if someone tries to log into your account. A hacker may know your username or password and try and reset these so they can abuse your accounts. If you have it set up, then they can’t access your account or make changes unless they can also access messages for your trusted number.”

Setting up two-factor authentication is also not difficult, and can be done in the Instagram app within minutes.

Kaspersky is also an anti-virus provider, meaning it can protect your devices from nasty viruses you can catch from some phishing emails or suspicious sites.

“Consumers should always use two-factor authentication where available, as it adds an essential layer of security. Anyone trying to log into your account would need to provide an additional means of verifying your identities, like a one-time passcode delivered via an app, text message or email, or a physical device that generates a passcode,” Emm went on to say.

“Most people use their e-mail address as a username and a static password. With two-factor authentication enabled, an additional – per access – passcode is required. So even if your username and password have been compromised, the attacker would not be able to access your account because they wouldn’t have the one-time passcode.”

