You Don’t Need to Worry About That Security Email From Instagram

If you received an unsolicited password reset email from Instagram in the past few days, you don’t need to panic. These messages do not appear to be the result of a new data breach or account compromise, but rather a bug that Meta claims to have now fixed.
Following a wave of suspicious account recovery requests, antivirus software provider Malwarebytes issued a warning on January 9 that malicious actors had stolen personal information from 17.5 million Instagram accounts. As BleepingComputer reports, there have been various allegations that hackers obtained Instagram account data from several API scraping incidents over the past few years, but it notes that there have been no confirmed incidents or definitive evidence of a new breach. Meta said the problem was the result of a bug that allowed bad actors to request password reset emails, which it has since fixed, and denies that user data was actually compromised.
Of course, data breaches are not uncommon, and Meta platforms have been targeted in the past. You should therefore always practice good digital hygiene and remain vigilant against phishing attempts, which could indicate a compromise of your account.
How to secure your Instagram account
If you receive an Instagram password reset email that you didn’t request, you don’t need to do anything with it. You can simply ignore and delete the message. In general, you should avoid clicking on links in security-related messages that seem urgent or scary (again, if you did not initiate account recovery), as these may be phishing attempts designed to steal your credentials or other sensitive information. If you want to change a password or update other security information for an account, go directly to the website or app and do it there.
If you haven’t already, you can (and should) enable two-factor authentication (2FA) for Instagram. On the mobile app, open the Menu from your profile page and navigate to Account Center > Password & Security > Two-Factor Authentication. You can choose to receive login codes via an authenticator app (like Google Authenticator or Duo), SMS, or WhatsApp. As I’ve written, not all 2FA methods are equal: SMS codes are particularly easily phished, so an authenticator app is probably your best option here.
Finally, you can check for suspicious devices connected to your Instagram account under Account Center > Password & Security > Where you are logged in. If you see devices you don’t recognize, select them and tap Log out.



