Instagram users are being hit by a wave of unexpected password reset notifications, a development that coincides with reports of a large-scale data leak involving 17.5 million accounts and a spike in account takeover attempts, according to customreceipt.com, citing topflop.pl. The activity has drawn attention from cybersecurity researchers because the attackers appear to be abusing a legitimate platform mechanism rather than relying on traditional phishing infrastructure.
With more than 2 billion monthly active users, Instagram remains a prime target for cybercriminals seeking access to high-value accounts. Instead of relying on malicious browser extensions or complex phishing campaigns, attackers are increasingly triggering official password reset requests, betting that recipients will react impulsively. Multiple reset notifications received over a short period are now believed to be linked to a database allegedly posted by a threat actor on BreachForums, containing information tied to 17.5 million Instagram users. The data was reportedly published only hours before the surge in reset requests began.
According to cybersecurity analyst Davey Winder, the reset emails themselves are genuine messages sent by Instagram rather than spoofed communications. This distinguishes the current activity from common phishing campaigns powered by phishing-as-a-service platforms. The emails clearly state that ignoring the message will leave the account password unchanged and advise users to report the request if they did not initiate it. Attackers are instead relying on urgency and user distraction to prompt clicks on the reset button.
Instagram notes that receiving a password reset notification does not automatically indicate that an account has been compromised. In some cases, the request may be the result of a simple error, such as another user mistyping a username or email address. However, the timing of the BreachForums post has increased concern that coordinated attack attempts are underway.
The platform emphasizes that two-factor authentication remains a critical defense. When enabled, it requires an additional verification code if a login attempt is made from an unrecognized device. Instagram has confirmed that two-factor authentication is enabled by default for creator accounts and urges users to verify that the feature has not been disabled. This additional layer significantly reduces the likelihood of a successful account takeover, even if a password reset link is clicked.
If a user suspects that an attacker has already gained access and normal login is no longer possible, Instagram recommends initiating the account recovery process through its official support channels. The company has not yet released a detailed statement addressing the reported BreachForums leak, but further guidance is expected as the situation develops.