Daily NewsCyber Crime & ForensicCyber Safety

Instagram Users Report Widespread Password-Reset Emails, But Experts Preaching Vigilance

When the Not Doing Anything Is Sometimes the Best Course of Action

Did you receive a password-reset email from Instagram?

If you did and didn’t actually request one, it might be best to sit back, relax, and do nothing.

That is the recommendation of security experts in the wake of reports that a growing number of Instagram users have been receiving password-reset emails. Some have reportedly received multiple emails of this nature within minutes.

A Cyberattack That Isn’t?

Then again, it is natural to worry, especially if you are using Instagram for business purposes. After all, the timing of this spike in password-reset emails coincides with a supposed data leak on BreachForums, a well-known hacking forum.

But, at least according to security researchers, there is little evidence that this situation constitutes a cyberattack—at least not yet. However, cyberattackers are using these requests to deliberately unsettle users and push them into reacting in haste.

The end goal, apparently, is for users to get spooked enough to act hastily and possibly overlook basic cyber hygiene, like thinking of strong passwords and enabling extra protection such as two-factor authentication. In turn, accounts with a weak password and no extra protection would be easier to hack.

The Instagram Connection and What to Do

Herein lies the problem. While seemingly simplistic by nature, this tactic could, in theory, work very well. That is because the email is legitimate, as it actually comes from Instagram. This alone lowers suspicion and heightens the urgency to act on the request.

Even if the tactic results in a minuscule success rate for threat actors, the sheer scale of Instagram—some 3 billion active users monthly—will still ensure a big payoff in the long run. With all that being said, what is the best course of action when one receives a password-reset email from Instagram?

  1. Don’t panic. Even more important, don’t click anything.

  2. Read the message as calmly as possible.

  3. If you didn’t request a reset, ignore it.

  4. Check that you have enabled two-factor authentication.

  5. If you feel uneasy, do change your password—but make sure to think of a strong one.

Ultimately, the safest response is often the least reactive one. By staying calm, verifying your security settings, and avoiding impulsive clicks, you deny cybercriminals the very reaction they are hoping to exploit. In an environment where panic is the weapon of choice, patience and good cyber hygiene remain your strongest defence.

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *