Why is Instagram sending password reset emails to users? Here’s everything to know

Instagram has been hit by a major security breach, and the users have been receiving password reset emails. This surge in activity is linked to a massive data leak involving the personal information of approximately 17.5 million accounts.

Users are advised to exercise extreme caution before interacting with unsolicited messages as cyber criminals are actively manipulating the platform’s security features.

Experts warn that clicking the Reset password button in a phishing email can provide the additional information needed to gain full access to users 'accounts.

According to The Independent, the email had a blue “Reset Password Button” along with a message: “If you ignore this message, your password will not be changed. If you didn’t request a password reset, let us know.”

Sensitive data from over 17 million Instagram accounts has apparently been leaked by a threat called “Solonik”.

The tech publication CyberInsider has confirmed that this data was stolen during an API leak in 2024, where hackers are circumventing security protections to extract any information they could access.

But on Sunday, Meta moved to reassure users that there had been no breach and that accounts remain secure.

A spokesperson said: “We fixed an issue that allowed an external party to request password reset emails for some Instagram users.”

“We want to reassure everyone there was no breach of our systems and people’s Instagram accounts remain secure.”

The platform continues to recommend all users enable two-factor authentication to protect their accounts.

Users can go to their Instagram settings and remove any third-party apps or websites that have “Authorized Access” to their accounts.