Khaberni - Unexpected password reset messages on the Instagram platform over the weekend caused anxiety among users, amid fears of their accounts and personal information being hacked. According to Malwarebytes, up to 17.5 million users were affected by these messages.
Users widely shared concerns on social media about whether their accounts had been hacked. Instagram later confirmed that its systems were not compromised and that the accounts are completely secure, explaining that the messages were caused by an external party requesting password resets without accessing any of the company's systems, according to "Thomas Guide."
However, Instagram did not disclose how this external party managed to initiate the requests. Some sources, such as CyberInsider, speculate that the incident may be linked to a 2024 breach of the Application Programming Interface (API), which exposed data of more than 17 million users, including usernames, phone numbers, and email addresses.
Important Tips for Users
If you receive a password reset message, do not click any link or button inside the message, even if it appears to be from Instagram, as it could lead to phishing sites designed to steal login data.
Instead, it is advised to change your password directly via the app:
- Open the Instagram app and go to "Settings and activity" via the three lines at the top of the screen.
- Choose "Account center", then "Password and security".
- Click on "Change password" and select the appropriate account if you have more than one.
- Enter the current password and create a new, strong password that includes letters, numbers, and symbols, avoiding the use of personal information that can be guessed. After the change, you will be logged out of all devices and must log in again.
Enabling Two-Factor Authentication
Two-factor authentication (2FA) is a basic security step, as it prevents access to the account without entering an additional verification code. To activate it:
- Go to "Settings and activity", then "Account center", then "Password and security", then "Two-factor authentication".
- Choose your account and select the preferred method.
It is preferable to use authentication apps such as Google Authenticator or Authy, as they provide better protection than text messages, which can be vulnerable to phone number hacking. After activating two-factor authentication, the system will request your password and verification code for any login from an unknown device, greatly enhancing the security of your account.




