To check your Instagram login activity, go to Settings > Accounts Center > Password and security > Where you’re logged in. This shows every device and location that currently has access to your Instagram account. If you see anything you do not recognise, you can log it out immediately.

Why should you check your Instagram login activity?

Instagram accounts are a top target for hackers. A compromised Instagram account can be used to scam your followers, post spam, or demand a ransom to give you your account back. Some attackers take over accounts and change the email and phone number, making it nearly impossible to recover without going through a lengthy identity verification process.

Instagram account theft has become increasingly common because billions of email and password combinations from data breaches are actively traded online. If you used the same password on Instagram as on any other site that was breached, your account is at risk right now.

You can check if your email was exposed in a data breach to find out whether your credentials might be circulating in stolen databases.

How do you check Instagram login activity on your phone?

Instagram uses Meta’s Accounts Center — the same system Facebook uses. Here is how to find it:

  1. Open the Instagram app on your phone
  2. Go to your profile (tap your picture in the bottom right)
  3. Tap the three lines (hamburger menu) in the top right
  4. Tap “Settings and privacy”
  5. Tap “Accounts Center” (near the top — this is Meta’s unified settings page)
  6. Tap “Password and security”
  7. Tap “Where you’re logged in”
  8. Select your Instagram account if you have multiple Meta accounts linked

You will see a list of every active session. Each entry shows:

  • Device name — the phone model, tablet, or browser
  • Location — the city and country based on the IP address
  • Last active — when the session was most recently used

Scroll through every entry. Pay attention to devices you do not own and locations that do not match where you live, work, or travel.

How do you check Instagram login activity on a computer?

You can also check from a desktop browser:

  1. Go to instagram.com and log in
  2. Click your profile picture in the top right
  3. Click “Settings”
  4. Click “Accounts Center” in the left sidebar
  5. Click “Password and security”
  6. Click “Where you’re logged in”
  7. Select your Instagram account

The same list of active sessions appears here with device, location, and timestamp details.

How do you remove a suspicious session from Instagram?

When you find a session that looks wrong:

  1. From the “Where you’re logged in” screen, tap or click the suspicious session
  2. Select “Log out”
  3. That device is immediately disconnected from your account

If you see several unfamiliar sessions or you are not sure which ones are yours:

  1. Look for “Log out of all sessions” or select sessions one by one
  2. Log out everything
  3. Log back in on your own device only
  4. Change your password immediately before the attacker can log back in

What are the warning signs of a hacked Instagram account?

Beyond suspicious login sessions, watch for these signs:

  • Posts or stories you did not create — attackers often post spam, crypto scams, or phishing links to your story
  • DMs sent to your followers — typically messages like “Check this out” or “Is this you in this video?” with a link designed to steal more accounts
  • Followers you did not add or people you unfollowed without doing it — profile changes can indicate someone is actively in your account
  • Email from Instagram saying your email or phone number was changed — this is urgent. If you did not make this change, someone is trying to lock you out
  • Apps and websites connected to your account that you do not recognise — these can be used to maintain access even after a password change

If your email has been exposed in a breach, these attacks become much more likely. Credential stuffing attacks — where hackers test stolen passwords across multiple platforms — are responsible for a massive share of account takeovers as of 2026. Check your email now to see if you are at risk.

What should you do if your Instagram was hacked?

Follow these steps in order:

Step 1 — Log out all sessions. Go to Where you’re logged in and remove every session. This cuts off the attacker immediately.

Step 2 — Change your password. Go to Accounts Center > Password and security > Change password. Use a password that is at least 16 characters, completely random, and unique to Instagram. Do not reuse passwords from other sites. A password manager handles this for you. For help, read how to create a strong password.

Step 3 — Enable two-factor authentication. Go to Accounts Center > Password and security > Two-factor authentication. Choose an authenticator app (Google Authenticator or Authy) over SMS. Even if an attacker obtains your password in the future, they will be blocked without your second factor. Learn more in what is two-factor authentication.

Step 4 — Check your account details. Verify that your email address and phone number have not been changed. Go to Accounts Center > Personal details and confirm everything is correct. If the attacker changed your email, Instagram sends a reversal link to your original email — check your inbox and spam folder.

Step 5 — Remove connected apps. Go to Settings > Apps and websites. Revoke access for any app or website you did not authorise. Each connection is a potential way back into your account.

Step 6 — Review your content. Check your posts, stories, DMs, and bio for anything you did not create. Delete any spam content and message affected followers to let them know your account was compromised — so they do not click any malicious links the attacker sent.

How do you prevent Instagram hacks in the future?

The formula is simple and effective:

Use a unique password. If your Instagram password matches any other account, you are one data breach away from losing your profile. Every account needs its own password. This is what protects you from credential stuffing attacks.

Keep two-factor authentication enabled. This stops the vast majority of unauthorized logins, even when the attacker has your correct password.

Turn on login alerts. Go to Accounts Center > Password and security > Login alerts. Instagram will notify you when a new device accesses your account.

Check for breaches regularly. Use EmailLeaked to scan your email against billions of stolen records. The sooner you know about a breach, the faster you can change your password before anyone uses it against you.

Frequently asked questions

Can I see who logged into my Instagram?

You can see every device, location, and time that your account was accessed, but Instagram does not show the specific person. Go to Settings > Accounts Center > Password and security > Where you’re logged in. If you see a session from a device or location you do not recognise, someone else has your credentials.

How do I kick someone off my Instagram account?

Go to Settings > Accounts Center > Password and security > Where you’re logged in. Tap on the session you want to remove and select “Log out.” Then immediately change your password and enable two-factor authentication to prevent them from logging back in.

Why does my Instagram login history show a city I have never been to?

There are two common explanations. First, if you use a VPN or mobile data, your IP address may map to a different city than where you actually are — this is normal. Second, if the location is in a completely different country and you do not use a VPN, someone else may be accessing your account. When in doubt, change your password and enable two-factor authentication.

Does Instagram tell me if someone tries to log in with my password?

Instagram sends push notifications and emails for suspicious login attempts if you have login alerts enabled. Go to Settings > Accounts Center > Password and security > Login alerts and make sure notifications are turned on. Without this setting, you will not receive any warning.