Based on my experience,
I had a client whose instagram business account was hacked, he came to me after 21 days, which is a lot.

We reported the account as hacked and used his phone to recover the account, the owner was in iraq, and the hacker was in Cyprus.

After the submission we waited 8 hours and got back the account.

But because of the hacker used the instagram in his phone for like 21 days, instagram trusted his phone as an owner.

He took the account again and we recovered again, for 8 times maybe.

Finally we found a solution which was great, and it worked everytime.

Change the age restriction to +99 years old in your instagram account, and wait for 48h, then he can’t recover it using OGemail and neither OGphone.

That workes because you can’t recover the account when it is age restricted, and when you try to type the username, it says you can’t recover this account.

I have been thinking of a solution since the night and the last point I can come to is that they can access all data by choosing to send all data to email rather than access my account data. this may be a little more tiring for ticket staff and longer for seller and buyer. however, the buyer and Swapd are better protected from account withdrawals.

Interesting. Even after you switch back?

So I’ve downloaded the data on my test device. All devices are saved:

{“devices”: [{“last_seen”: “2019-02-11T14:33:09.890639+00:00”, “user_agent”: “Instagram 79.0.0.18.100 (iPhone10,6; iOS 12_1_2; en_PL; en-PL; scale=3.00; gamut=wide; 1125x2436; 140490268) AppleWebKit/420+”, “device_id”: “A5F18417-9097-4C8A-B70C-A4F79415B48D”}, {“last_seen”: “2017-07-19T14:42:21.382453+00:00”, “user_agent”: “Instagram 9.7.0 Android (18/4.3; 320dpi; 720x1280; Ditigron; TR10CD1_11; TR10CD1; qcom; en_US)”, “device_id”: “android-6d66a4b97b3e6a44”}]}

Question, could this be emulated? Or the app data copied via an app what we could potentially create?

When you are logged in for 48h, your phone will be verified as a trusted phone for the specific account. So after 48h you can go back to normal. And it is done.

if u are still having issue with recovering that account give me chance to help u. maybe i can help u in recovery.

Do you think it’s worth doing this on all accounts you buy?

Thank you for the answer. Was this tested in any way?

Tested on 7 accounts, all worked.
You can test it.
I personally trust this method as i found it myself.

Awesome. This is why I love you guys. Let’s continue the discussion so we can devise the best ways of closing up loopholes.

Can you recover hacked accounts that still have the IGE?

@bunny

We’ve had other knowledgeable users who tested and confirmed that while changing the pass via the Location tab (the “this wasn’t me” setting) and not the actual change pass tab the cache on the device gets wiped. Thoughts? Because we secure accounts like that every time (or at least I do).

Has anyone tried the temporarily disabling the account method? I know it kills active links, but can’t speak to whether it clears device data or not.

I do for a week

If it is recovered/hacked by the account support forms or the recovery screen, no message will be sent to your e-mail address and no e-mail will be sent to undo this change

Because no e-mails will be sent to you because the accounts taken from the support forms or recovery screens also identify the malicious person as the account owner and the account owners as the malicious person

Sorry, that doesn’t work.

Yeah I know that, I was just asking about the fact that removing the previous user via the Location tag clears/voids his app cache/cookies, so unless he had two devices, problem solved from that point of view.

image1125×2436 240 KB

If you are talking about it, this will only close the active session, not preventing access to the main device.

We had a user test and confirm otherwise. So not sure, as I didn’t test myself.

Let me test and report when i am available.