Users should remain on high alert for potential follow-up attacks and exercise particular caution with any form of communication—especially emails or messages that appear to come from Instagram—in the coming weeks, according to Jack Moore, Global Security Advisor at cybersecurity firm ESET. His remarks came in response to a recent incident involving a suspected cyberattack and possible data exposure affecting Meta’s social media platform.
Moore explained that such situations are frequently exploited by cybercriminals seeking to extract additional information from unsuspecting users. He noted that attackers often capitalize on uncertainty following high-profile security scares.
In this context, he advised that password reset emails should generally be ignored unless a user has personally requested a password change. He also warned that fraudsters may attempt to lure individuals into clicking malicious links or downloading harmful attachments, stressing that vigilance remains essential after any security incident, regardless of how much time has passed since the original event.
Moore further emphasized that cybercriminals can inflict significant harm with only minimal personal data. For this reason, he underlined the importance of users being aware of both recent and past data breaches, knowing how to reset their passwords securely, and enabling two-factor authentication to enhance peace of mind and account protection.
Instagram has denied a data breach after many users received unsolicited password reset emails, according to the BBC, attributing the messages to a feature that allows third parties to trigger resets, while insisting accounts remain secure. However, some cybersecurity experts and users remain skeptical, suggesting the emails could stem from a data leak or reused older data, leaving widespread uncertainty over whether the messages were legitimate or phishing attempts.
