There Is No Need to Worry About the Security Notification Email From Instagram.
If you’ve received an unsolicited email from Instagram in recent days asking you to reset your password, don’t panic. These messages don’t appear to be the result of a new data leak or account hack, but rather a bug that Meta claims has already fixed.
Following a wave of suspicious account recovery requests, antivirus software provider Malwarebytes issued a warning on January 9th that attackers had stolen personal information from 17.5 million Instagram accounts. As BleepingComputer reports , there have been repeated allegations over the past few years of hackers obtaining Instagram account data through numerous API scraping incidents, but notes that there have been no confirmed incidents or compelling evidence of a new breach. Meta claimed the issue was caused by a bug that allowed attackers to request password reset emails (this bug has since been fixed) and denies any user data was compromised.
Of course, data breaches are not uncommon, and Meta platforms have been targeted in the past. Therefore, you should still practice good digital hygiene and be vigilant against phishing attacks, which may indicate an account compromise.
How to keep your Instagram account secure
If you receive an email requesting an Instagram password reset that you didn’t request, you don’t need to do anything. Simply ignore and delete the message. In general, avoid clicking links in security-related messages that seem urgent or scary (again, unless you initiated account recovery), as these may be phishing attempts aimed at stealing your login credentials or other sensitive information. If you want to change your password or update other security settings for an account, you should go directly to the website or app and do so there.
If you haven’t already, you can (and should) enable two-factor authentication (2FA) for Instagram. In the mobile app, open the menu from your profile page and go to Account Center > Passwords & Security > Two-Factor Authentication . You can choose to receive authorization codes via an authenticator app (such as Google Authenticator or Duo), SMS, or WhatsApp. As I’ve already mentioned, not all 2FA methods are equally effective : SMS codes are particularly easy to forge, so an authenticator app is likely the best option in this case.
Finally, you can check for suspicious devices connected to your Instagram account in Account Center > Passwords & Security > Where You’re Logged In . If you see any devices you don’t recognize, select them and click Sign Out .