Instagram users urged to ignore suspicious password reset emails after data breach fears
Millions of Instagram users have been urged to be careful after unexpected password reset emails emerged and fears of a possible data breach grew.
Many users say they have received multiple emails asking them to reset their passwords, even though they have not requested any changes.
The messages appear to come from Instagram itself, warning “A request has been sent to Instagram to reset your password” and offering links to reset your password or “let us know” if the request isn’t theirs.
“If you ignore this message, your password will not change,” the emails said.
Cybersecurity firm Malwarebytes said many of the emails may be linked to an alleged breach that occurred in late 2024.
According to the firm, hackers may have scraped profile data from approximately 17.5 million Instagram accounts, including usernames, addresses, phone numbers and emails.
Experts warn users to ignore unsolicited password reset emails and avoid clicking on any links.
However, Instagram called on users not to panic.
“Receiving a password reset email does not necessarily mean that your account has been hacked,” the platform said on its website.
“For example, when someone tries to log into their account or reset their password, they may misspell or misremember their email address or username and accidentally enter yours.
“Only people who know your Instagram password or clicked the login link in this email can log in to your account.”
The company owned by Meta emphasized that official correspondence comes only from @mail.instagram.com.
“If you have additional security concerns, you may want to reset your password and enable two-factor authentication,” the platform said.
Meta has not yet confirmed whether Instagram suffered a cybersecurity breach.
