If you’ve received an email, or a few, from Instagram offering to reset your password, you’re not alone. Multiple users complained about the unsolicited password reset requests, and Instagram has finally given an explanation.
Instagram says the fishy password reset emails were a bug, not a breach
Instagram says that it had an issue that allowed external parties to request password reset emails for its users. In a post on X, the social media platform says that the glitch is now fixed.
In its announcement, Instagram contradicted a report from last week that claimed the company suffered a major data breach. Antivirus software company Malwarebytes warned its users that sensitive information of 17.5 million Instagram users, including usernames, email addresses, phone numbers, and physical addresses, was offered on the dark web.
Instagram didn’t offer any details about the nature of the issue it has resolved, but it said that there was no breach in its systems and users’ accounts are secure. The X post concluded, “You can ignore those emails — sorry for any confusion.”
Recommended For You
You should still protect your profiles
Even if Instagram’s claims are true and there was no data breach, it’s always a good idea to stay vigilant. If you ever receive a password reset email that you haven’t requested yourself, you shouldn’t react to it. Just delete it, and don’t click any of the links.
How often do you change your passwords?
I don’t change my passwords
0%
Once in a few years
33.33%
Only when there’s an issue with an account
66.67%
Every few months
0%
To keep yourself protected, it’s best to use unique passwords for your accounts and change those regularly. If you haven’t activated two-factor authentication for your Instagram account, it’s best to do it now. You can check what devices are logged into your account in the Meta Account Center, which could help you detect a security issue.
It’s not over yet
Meta still has some explaining to do about the issue. The company hasn’t explained how those external parties can send out authentic password requests to users, nor who those external parties are. I still hope Instagram shares more details about the issue, though I doubt it will happen.
Ilia, a tech journalist at PhoneArena, has been covering the mobile industry since 2011, with experience at outlets like Forbes Bulgaria. Passionate about smartphones, tablets, and consumer tech, he blends deep industry knowledge with a personal fascination that began with his first Nokia and Sony Ericsson devices. Originally from Bulgaria and now based in Lima, Peru, Ilia balances his tech obsessions with walking his dog, training at the gym, and slowly mastering Spanish.
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts:
New accounts created within the last 24 hours may experience restrictions on how frequently they can
post or comment.
These limits are in place as a precaution and will automatically lift.
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: