Have you been receiving daily emails asking to reset your password, even though you never requested it? This is common for many Instagram users, causing confusion and fear of a potential security breach.
However, the short answer is no, your account is not at risk. This is a security feature of Instagram to ensure the safety of your account.
Hackers can access your account through the password reset process by tricking you into sending them the reset link. The "forgot my password" process generates a link that allows the password to be reset. If the link is sent to a hacker, they can use it to change the password and gain access to the account.
To understand this better, try logging out of your Instagram account and clicking on the "Forgot My Password" button. If you enter any username, Instagram will send an email to that user asking if they requested a password change. This feature is there to protect your account if you ever forget your password.
While it may be annoying to receive these emails on a daily basis, it is important to remember that it is a security feature and not a cause for alarm. Keeping your account safe should always be a top priority; this feature is just one way that Instagram works to do that.
How to check if the reset password email from Instagram is legit?
Remember to never click links sent by ‘the platform’ without verifying if Instagram sent the email.
Don’t try to figure out if it was sent from the real Instagram domain (big companies use MANY different domains to communicate with clients).
Always open your app and go to Settings → Security → emails from Instagram. There you’ll see all official communication from the platform.
Now there are three options -
- Instagram sent the email, and you did ask to reset your password - you can click on the link and change your password.
- Instagram sent the email, but you didn’t ask to reset your password - you can ignore it (and be more suspicious about following an email from Meta if it could be phishing or a scam).
- Instagram didn’t send the email, and you didn’t ask to reset your password - it’s a phishing email, so ignore it.
How can hackers gain access to your account using the ‘forgot my password’ process?
Whenever you (or anyone else) initiate the ‘forgot my password’ process, you’ll get a link that’ll reset your password once you click on it.
Anyone can use this link to reset your password, which is why hackers are trying to get you to send the link to them. Once you send over the link to the hacker, they’ll be able to use it to reset your password.
Usually, we see this scam in the form of a ‘vote for me scam’ (where a person asks you to vote for them through a link, but instead of clicking the link to send the link to them). It might also be a ‘friend’ or ‘family member’ (which is the hacker), trying to scam you. That link can usually be used only once and will provide access to that person if given to them.
Don’t share links sent to you by a person with anyone.