Overview
- Security writers report ongoing waves of legitimate-looking Instagram password reset messages that can be used to facilitate account takeovers if acted on impulsively.
- Instagram notes such emails can also result from someone mistyping an address, and it advises users to check the sender domain and read the message rather than clicking immediately.
- Instagram recommends two-factor authentication to block unauthorized logins and says it has enabled 2FA by default for creator accounts, urging all users to ensure it remains on.
- Users who cannot access their profiles are directed to instagram.com/hacked to begin the official recovery process to secure the account.
- The Independent describes a recent spike in reset emails and cites reporting that links the timing to a BreachForums post claiming data on 17.5 million accounts, a connection not confirmed by Meta.