Don't Click: Convincing Instagram Password Reset Scam Follows Massive Leak

Did you just get a password reset email from Instagram? It might be a trap. A highly convincing phishing scam is targeting millions of users following reports of a massive data breach involving 17.5 million accounts. What looks like a security alert could actually be the key to losing your account access.

Why the Instagram Password Reset Scam is Going Viral

The alarm was first raised on social media, where a TikTok video by cybersecurity account @ohhackno racked up over 4 million views. Simultaneously, a Reddit thread in a cybersecurity subreddit gained hundreds of upvotes as users shared their close calls. According to Forbes, this sudden surge in activity is directly linked to a leak of 17.5 million Instagram user accounts by a threat actor on BreachForums. The leak provided scammers with a fresh list of targets to exploit through social engineering.

What makes this scam particularly dangerous is its authenticity. Victims report that the emails use legitimate-looking Instagram templates and even appear to come from official Meta addresses. Even tech-savvy individuals have admitted the design is nearly indistinguishable from the real thing.

How to Verify Your Security Emails

If you receive an unexpected reset request, don't click any links. Instead, use Instagram's built-in verification tool. By navigating to your account settings under 'Password and Security,' you can find a section called 'Emails from Instagram.' This feature lists every official communication sent by the platform over the last 14 days. If the email you received isn't on that list, it's a fake. While Meta hasn't released a formal statement yet, experts suggest that hackers are likely after login credentials to sell on the dark web or to use in further phishing campaigns.