Instagram users worldwide are receiving unexpected password reset emails, and cybersecurity experts are urging caution. The emails, which appear legitimate, claim that a password reset has been requested and include a 'Reset Password' button and a 'let us know' hyperlink.
Davey Winder, a cybersecurity writer and analyst, reported receiving such an email on Friday. According to Forbes, hackers are relying on users to panic and click the links without thinking. While clicking the button alone may not compromise an account, it could lead to phishing sites or provide attackers with additional information.
The spike in password reset requests may be linked to a hacker posting data on 17.5 million Instagram accounts on BreachForums just hours before the surge began, Forbes reported. Instagram states that receiving a reset email does not automatically indicate a breach, as it could result from user error. Emails from Instagram are only sent from @mail.instagram.com.
To protect accounts, Instagram recommends enabling two-factor authentication (2FA), which is already active by default for creator accounts. Users should also secure their email accounts with unique passwords different from their social media passwords. If an account is compromised, users can visit instagram.com/hacked for recovery steps.



