Instagram Password Reset Attacks Surge After Massive Data Lea...

Instagram Password Reset Attacks Surge After Massive Data Leak: How To Stay Safe

A recent surge in Instagram password reset attacks has left millions of users vulnerable, following the exposure of 17.5 million accounts in a massive data leak.

Cybersecurity experts are urging users to take immediate action to secure their accounts and avoid falling victim to these sophisticated attacks.

The breach, first reported by Malwarebytes, revealed sensitive user information, including:

• Usernames
• Email addresses
• Phone numbers
• Partial physical addresses

The data, believed to have originated from an Instagram API leak in 2024, was recently posted on dark web forums, making it accessible to cybercriminals.

Love National? Get more! Join the WIBC 93.1 FM Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe

We care about your data. See our privacy policy.

While Instagram passwords were not included in the leak, the exposed contact details are sufficient for attackers to exploit Instagram’s password reset mechanism.

Many users have reported receiving unexpected password reset emails, some of which are legitimate while others are part of phishing campaigns.

Attackers are leveraging the leaked data to impersonate Instagram support, tricking users into providing two-factor authentication (2FA) codes or login credentials.

These tactics can lead to account takeovers, SIM swapping, and other forms of identity theft.

Meta, Instagram’s parent company, has acknowledged the issue, stating:

“We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems, and your Instagram accounts are secure.”

However, cybersecurity experts argue that more transparency is needed to reassure users.

Protect your accounts

To protect your account, experts recommend:

• Enabling 2FA using an authenticator app rather than SMS, as this adds an extra layer of security. Watch walkthrough here.
• Verify the legitimacy of any password reset emails and avoid clicking on suspicious links.
• If you receive a password reset email you did not request, it’s crucial to ignore it and report the activity to Instagram.
• Additionally, users are advised to update their passwords, ensure they are unique and strong, and avoid reusing passwords across multiple platforms. Using a password manager can help generate and store secure passwords.

As the investigation into the data leak continues, Instagram users must remain vigilant and proactive in securing their accounts.

By following these steps, you can minimize the risk of falling victim to these attacks and protect your online presence.