Users have reported receiving multiple password reset emails without requesting one.
The reset links appear to be sent from a legitimate Instagram email.
Users have reported receiving multiple Instagram password reset emails. (Supplied)
In the emails, users are told that Instagram has been sent a request to reset their password.
It provides two links: to either reset your password or to “let us know” if you did not request this.
“If you ignore this message, your password will not be changed,” the message reads.
It is claimed Instagram data was stolen in late 2024, which allowed hackers to scrape user profile data from around 17.5 million profiles.
Malwarebytes reported that sensitive information, including usernames, addresses, phone numbers and emails, were scraped in the alleged breach.
Users have advised to ignore any unprompted password reset emails and to avoid clicking the links.
In the emails, users are told that Instagram was sent a request to reset their password. (CNN)
Instagram states that password reset emails may not be a cause for alarm.
“Receiving a password reset email doesn’t necessarily mean that your account has been hacked,” Instagram said on its website.
“For example, when someone is trying to log into their account or reset their password, they may mistype or misremember their email address or username and enter yours by mistake.
“Only people who know your Instagram password or click the login link in this email can log in to your account.”
The Meta-owned social media giant states that official correspondence only comes from @mail.instagram.com.
“If you do have additional security concerns, you may want to reset your password and enable two-factor authentication,” Instagram states.
Meta has not confirmed if there has been a cybersecurity breach impacting Instagram.
Nine.com.au has contacted Meta for comment.