Technology

Instagram password reset surge: Protect your account

Published

2 months ago

January 16, 2026

Instagram password reset surge: Protect your account

NEWYou can now listen to Fox News articles!

If your inbox suddenly shows an Instagram “Reset your password” email you never requested, you are not alone. A wave of unexpected reset messages is hitting people right now, and attackers are betting you will panic, click fast and make a mistake.

Here is the tricky part. Many of these emails are real. They can come directly from Instagram because someone triggered the legitimate password reset flow. That makes the alert feel extra convincing, even when you did nothing wrong.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

FACEBOOK, INSTAGRAM ARE USING YOUR DATA TO TRAIN AI: LEARN HOW TO PROTECT IT

Unexpected Instagram password reset emails can look completely legitimate, which is why so many users are caught off guard during this surge. (Cyverguy.com)

Why Instagram password reset emails are surging

This surge is happening because the reset emails themselves can be real, even when the intent behind them is not. Instead of building fake phishing pages or using malware, attackers take advantage of Instagram’s normal account recovery system.

The process is simple. An attacker enters your username or email into Instagram’s real password reset form. Instagram automatically sends a legitimate reset email to you. The attacker then waits to see how you react.

At this point, your account has not been hacked. The risk comes from what happens next. Attackers are counting on common mistakes, such as clicking the reset button and rushing through the process, reusing a weak password, getting redirected to a fake follow-up page or falling for a second scam email that arrives soon after.

That is why this tactic works as a stress test. It creates urgency and pressure, even though nothing has been compromised yet.

Why attackers love this tactic

This is classic social engineering. The attacker does not need to outsmart Instagram. They need to outsmart you in a stressed moment. A reset email creates urgency. It also feels official. That combination leads people to click first and think second, which is exactly the outcome attackers want. You can treat these surprise reset emails as an early warning system. If you get one:

Someone may know your username or email
Your account could be on a target list from a leak or scrape
Your current security setup will decide whether this stays annoying or turns into a takeover

If an email pressures you to act immediately, threatens account deletion or asks for extra information, treat it as suspicious.

The BreachForums leak connection

The timing of this surge has raised fresh concerns. Reports point to data tied to roughly 17.5 million Instagram accounts being shared on BreachForums, an underground forum where cybercriminals trade and discuss stolen data. The alleged post appeared in early January 2026, which lines up with when many users began reporting a sudden wave of password reset emails, sometimes receiving several in a short period of time.

This timing alone does not prove a direct connection. However, leaked usernames or email addresses can make it much easier for attackers to target large numbers of accounts at once, which is exactly what this kind of reset spam depends on. We reached out to Meta for comment but did not receive a response before our deadline.

We reached out to Meta for comment, and a spokesperson for the company told CyberGuy, “We fixed an issue that allowed an external party to request password reset emails for some Instagram users. We want to reassure everyone there was no breach of our systems and people’s Instagram accounts remain secure. People can disregard these emails and we apologize for any confusion this may have caused.”

How to tell if the reset email is legitimate

A legitimate Instagram reset email can still be part of an attack attempt. So your goal is not “confirm it is real,” it is “avoid reacting in a risky way.” Instagram’s own guidance boils down to this:

A reset email alone does not mean your account is compromised
If you did not request it, do not use the link
Use Instagram’s official paths in the app to review security and report suspicious messages

Also, if you get emails about changing your account email address, Instagram says those messages can include a way to reverse the change, which can help you recover if someone broke in.

These real-looking messages are designed to create urgency and push people to click before slowing down and checking their account security. (Cyverguy.com)

What a real Instagram password reset email looks like

A legitimate reset email usually has these elements:

Sender: Comes from an official Instagram domain, such as security@mail.instagram.com
Subject line: Often says “Reset your Instagram password” or “Password reset request”
Instagram branding: Logo at the top with clean formatting
Call to action button: A button like “Reset Password”
Reassurance text: A line explaining that if you did not request this, you can ignore the email and nothing will change
Safety option: Language telling you how to report the email if you did not initiate it

This is why the current surge is so effective. The emails look normal and arrive from real Instagram systems.

META ENDS FACT-CHECKING PROGRAM AS ZUCKERBERG VOWS TO RESTORE FREE EXPRESSION ON FACEBOOK, INSTAGRAM

What Instagram reset alerts can look like inside the app

You may also see security messages directly in Instagram, such as:

Login attempt alerts
Notifications about a password reset request
Prompts asking you to confirm a login from a new device

These in-app alerts are generally safer to interact with than email links, especially during a surge.

What scammers rely on

Attackers are counting on one thing: panic. When users see a reset email they did not request, many rush to click before reading the fine print. That fast reaction is what turns a harmless reset request into a real account takeover.

What to do right now if you get a reset email you did not request

So, what should you do if one of these password reset emails lands in your inbox? Take a breath first. Then do this.

1) Do not click the button in the email and use strong antivirus software

Even if the message looks real, treat it like a hot surface. If you want to change your password, do it from the Instagram app or by typing Instagram’s address into your browser yourself. Strong antivirus software adds another layer of protection here. It can help block malicious links, fake login pages and follow-up scams that often appear during a reset email surge.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

2) Check your Instagram security activity in the app

Open Instagram and look for signs someone tried to log in:

Unknown devices
Login alerts you do not recognize
Changes to email, phone number or linked accounts

If anything looks off, remove the device and update your credentials.

3) Turn on two-factor authentication (2FA) and keep it on

Two-factor authentication (2FA) is the biggest roadblock for account takeover. Even if someone knows your password, they still need your code to get in from an unfamiliar device. Instagram has pushed 2FA heavily for higher-risk accounts and urges users to enable it. Use an authenticator app if you can. It is often safer than SMS.

4) Change your password if you feel unsure

If you suspect someone guessed your password, or you reused it elsewhere, change it. Make it long and unique. A password manager can help you generate and store strong passwords without reusing them. Then update the password on your email account too. Your email inbox controls most password resets, so make sure it also uses a strong, unique password.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

5) Use a data removal service to reduce targeting

Password reset surges often follow data leaks. When your email address and personal details appear on data broker sites, attackers can target you more easily. A data removal service helps limit where your information shows up online. By shrinking your digital footprint, you reduce the chances of being singled out during large-scale reset email attacks.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

The safest response is to avoid email links, open the Instagram app directly and review login activity and security settings instead. (Kurt “CyberGuy” Knutsson)

6) Watch for follow-up scams

After a reset surge, criminals often switch tactics. Next, you may see:

Fake “Instagram Support” emails
DMs claiming your account will be deleted
Login approval prompts you did not trigger

Slow down and verify everything inside the app.

Kurt’s key takeaways

A spike in Instagram password reset emails feels scary because it looks like someone is already inside your account. Often, they are not. Still, the surge is a reminder to tighten your basics. Use the app to check security. Turn on two-factor authentication. Change the passwords you reused. Most importantly, do not let an unexpected email rush you into the one click that hands over access.

Have you received an unexpected Instagram password reset email recently, and how did you handle it? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Related Topics:email Featured Hackers Instagram

Click to comment

Technology

How the spiraling Iran conflict could affect data centers and electricity costs

Published

6 hours ago

March 11, 2026

Press Room

How the spiraling Iran conflict could affect data centers and electricity costs

Soon after the Trump administration launched its war on Iran, I called up Reed Blakemore, director of research and programs at the Atlantic Council Global Energy Center, to talk about the consequences. While oil and gas prices were already on the rise, there was still more hope then that the impact of the conflict might be short-lived. At the end of our conversation, Blakemore said plainly: “Let’s have a call again [next week] … We’ll have a much clearer picture of what the conflict is going to look like and what the story really is going to be for energy moving forward.”

Energy infrastructure has become a key leverage point in the unfolding war

It’s a week later and the conflict has only escalated since the US and Israel launched strikes against Iran, killing Supreme Leader Ayatollah Ali Khamenei. Energy infrastructure has become a key leverage point in the unfolding war, with Israel hitting Iranian fuel depots and Iran targeting Gulf neighbors’ oil and gas infrastructure in its own strikes. Iran’s paramilitary Revolutionary Guard threatened on Tuesday not to “not allow the export of even a single liter of oil from the region to the hostile side and its partners until further notice.” Iran has reportedly also started to lay mines in the strategic Strait of Hormuz, through which one-fifth of global petroleum consumption and liquefied natural gas (LNG) trade used to move.

I talked to Blakemore again today about what Iran’s continued chokehold on the Strait of Hormuz means for energy costs and US tech companies’ rush to build out energy-hungry AI data centers.

This interview has been edited for length and clarity.

What’s your outlook now on how the conflict is likely to affect oil and gasoline prices?

Reed Blakemore: The fundamental issue right now, in terms of the energy implications of the conflict, is how the market is reacting to the uncertainty around safe passage through the Strait of Hormuz.

At the outset of the conflict when we saw insurance premiums going up for these ships, we were largely talking about it in the context of, Hey, it’s just gotten much more expensive for a ship to traverse the Gulf and therefore they’re staying out.

We’ve moved from that to actual concerns around the security of passing through the straits in the first place, so this is no longer an insurance cost issue as much as it is a safety and security issue.

We have virtually no traffic passing through the Strait of Hormuz. A lot of countries are beginning to shut in production. So there’s already this ripple effect emerging purely because the market and basically tankers are fundamentally concerned about whether or not they will be able to safely pass through the strait.

“There’s only so much that US energy dominance can do to shield US consumers”

The other feature that I think we’ve seen the market react strongly to in the past several days is a sense of how long this conflict is going to last. And I think you can look to the comments from the president in the last 72 hours and the market’s reaction as a major piece of evidence to that end. Moving into the weekend where the campaign had clearly escalated, the uncertainty around how open the Strait of Hormuz would or wouldn’t be was beginning to reach a fever pitch. The response from markets when they opened in Asia on Sunday going past $100 a barrel to nearly $120 a barrel is really a function of the market not having a sense that this would be over anytime soon. That pullback that we saw over the course of yesterday was in response to the president saying fundamentally that Hey, we have an end in sight to this conflict.

The United States is a major oil producer. I think the strategy of US energy dominance played a significant role in terms of shielding US consumers from the initial market consequences of the decision to go to war with Iran. The price increases we’ve seen thus far would have been much more responsive to the market volatility. That has bought the administration a little bit of time as it relates to how long until we see the gasoline prices really begin to pick up steam domestically. But as this conflict persists and the volatility in the market continues, we will begin to see upward pressure on gasoline prices, regrettably, over time.

There’s only so much that US energy dominance can do to shield US consumers from what is a globally traded market in terms of oil. Because the United States is a major domestic oil producer, it has the ability to put some downward pressure on its own gasoline prices.

But because via its oil exports it participates in a global market, it has that exposure to global oil market volatility.

Can we expect electricity prices to go up also? Why?

For the United States, the gas story is a little bit better, but not immune from the global market as well. Natural gas is largely regionally traded within the United States. The US is a major producer of natural gas for domestic consumption in a way that further insulates it. That makes the case of the United States much different than the gas price sensitivity we’re seeing in Europe or in Japan or other parts of East Asia.

The problem is similar to the oil story because the United States is a major LNG exporter. As natural gas prices increase elsewhere, LNG exporters will be incentivized to export more gas because that’s where the arbitrage opportunity is, and that will create the upward price pressure domestically in the United States.

What risks does that pose to tech companies and this push to build out more AI data centers and related energy infrastructure?

In the United States, the majority of the data center buildout has begun to be powered by natural gas. We’re not going to see electricity prices reach a crisis point in the United States in the short term because of this conflict. The time horizon that we’re talking about with gas and therefore electricity prices is likely in the time horizon of months rather than weeks you’d expect with oil.

However, the longer this conflict lasts and the more tightness we see in the global gas market — that will eventually permeate the United States and create that upward pressure on gas prices in a way which then affects electricity prices and then that brings the data center question into play.

I think the unique thing is it doesn’t necessarily affect the ability of data centers to purchase energy. Electricity costs are a relatively marginal proportion of the cost of building and operating a data center. What it does do is it only further inflames the energy affordability challenges that are currently deteriorating social license in the country for data centers. So the impact on electricity prices likely won’t directly harm data center buildout. The ancillary affordability challenges it will create will further entrench popular discontent with data center buildout, because data centers are simply making consumer electricity bills much more expensive.

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Justine Calma

Technology

Burger King AI listens to workers

Published

7 hours ago

March 11, 2026

Press Room

NEWYou can now listen to Fox News articles!

The next time you pull up to the drive-thru at Burger King, you may notice something different. The greeting might sound warmer. The thank you might feel extra intentional. That could be Patty. The company is expanding a new AI-powered assistant that listens to employee headset interactions and tracks how staff speak with customers. The goal, according to executives, is simple. Create friendlier restaurants and smoother operations. But the rollout raises a bigger question. When does coaching become monitoring?

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter

BURGER KING MAKES CHANGES TO SIGNATURE WHOPPER FOR FIRST TIME IN NEARLY A DECADE

Burger King is rolling out an AI assistant named Patty to monitor employee drive-thru greetings and track customer interactions. (Eva Marie Uzcategui/Bloomberg via Getty Images)

What is Burger King’s Patty AI assistant and how does it work?

Burger King’s Patty AI assistant runs on technology from OpenAI. In practice, it listens for key phrases such as “Welcome to Burger King,” “Please” and “Thank you.” It then compiles that information into reports so managers can measure how consistently staff use polite language. Although company leaders say it is not recording every conversation, they frame it as a coaching tool designed to reinforce service standards.

Beyond tracking manners, Patty also supports daily operations. For example, it can answer questions about how many bacon strips go on a sandwich or how to clean specific equipment. In addition, it flags inventory shortages and alerts managers when machines stop working. It even tracks how often employees tell customers an item is unavailable, which can highlight supply gaps.

As a result, that data has already influenced menu decisions, including the return of apple pie after its removal in 2020. Taken together, Patty functions as a manners coach, kitchen assistant and data analyst rolled into one.

From pilot program to nationwide push

Burger King began testing Patty at about 100 U.S. locations last year. Now the company plans to expand to roughly 500 stores, with a goal of rolling it out nationwide by year’s end.

And Burger King is not alone. Rivals like Wendy’s, Taco Bell, McDonald’s, Pizza Hut and KFC have all tested AI in some form. Some experiments focused on automated ordering. Others used AI to streamline drive-thru operations.

Results have been mixed. Customers have praised the faster service. They have also complained about glitches and awkward robotic interactions. Burger King’s version stands out because it focuses on employee behavior, not just customer convenience.

TACO BELL TOPS NEW DRIVE-THRU SPEED RANKINGS, AND CHICK-FIL-A WINS ON SATISFACTION

Fast-food chains are increasingly turning to artificial intelligence to streamline service and boost efficiency. (Jeffrey Greenberg/Universal Images Group via Getty Images)

Coaching tool or digital hall monitor?

Burger King says Patty exists to help managers coach teams and improve hospitality. Executives argue that customers want a warmer experience. Data simply helps restaurants measure it.

Yet social media reaction tells a different story. Some critics say constant monitoring creates pressure. They worry about employees having a bad day and getting flagged for forgetting a single word. Others describe it as surveillance disguised as support.

This tension reflects a larger trend in the workplace. AI increasingly measures performance in warehouses, offices and retail counters. Now it is moving into fast-food headsets. The real debate is not about politeness. It is about power.

The bigger AI trend in fast food

Fast-food chains operate on razor-thin margins. Small efficiency gains matter. If AI reduces waste, speeds up service and improves customer satisfaction, companies will keep investing. At the same time, public opinion matters. Customers say they value authenticity. Employees want fair treatment. The companies that succeed will need to balance both.

FAST-FOOD RESTAURANTS USING NEW TECHNOLOGY TO RESHAPE HOW CUSTOMERS PLACE ORDERS

Burger King plans to expand Patty to 500 U.S. stores this year, with a nationwide rollout targeted by year’s end. (Justin Sullivan/Getty Images)

What this means to you

If you are a customer, you may notice friendlier greetings and fewer out-of-stock surprises. AI can help restaurants restock faster and fix broken machines sooner. That could mean shorter lines and more consistent menus. If you are an employee, the shift feels different. Every please and thank you becomes part of a data stream. Managers can track patterns instead of relying on occasional observations. For workers, that may increase accountability. It may also increase stress. For the industry, this signals a future where AI quietly runs in the background of nearly every transaction.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com

Kurt’s key takeaways

Technology keeps moving into spaces that once felt purely human. The drive-thru greeting used to be about personality and mood. Now it may be part of a data dashboard. Some will see that as progress. Others will see it as overreach.

If AI can measure kindness, should it? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Technology

Slay the Spire II is even better with a friend

Published

18 hours ago

March 10, 2026

Press Room

Slay the Spire II is even better with a friend

Slay the Spire II launched in early access last week, and it’s already an excellent sequel to one of the best roguelikes of all time. In many ways, it’s very similar to its predecessor. Like Hades II and Hollow Knight: Silksong, Slay the Spire II mostly iterates on an already superb foundation. But it does add online co-op with up to four players. While multiplayer changes the familiar rhythms of Slay the Spire just a bit, it’s still a great way to tackle the arduous climb up the spire.

A round of Slay the Spire II plays essentially the same as the original: In each run, you navigate three different acts across a winding map, slowly making a build by crafting your deck and picking up various perk-giving relics, and fighting enemies, elites, and bosses along the way. Slay the Spire II retains the deliberate, turn-based style of play, meaning that when it’s your turn, you have as much time as you want to decide what to do. Since you can see exactly what your enemies are planning for their next turn, there’s a lot of strategy in deciding how much damage to do and how much defense you might need to set up. Multiplayer adds a slight twist: When it’s your turn, everyone can play simultaneously. That opens up all sorts of new opportunities for planning, but it also requires communication to make sure everyone is using their cards effectively.

My multiplayer partner was my wife, the biggest Slay the Spire fan I know, and on our second run we got a thrilling victory. I played the new Necrobinder character, a necromancer, while she played as the returning Silent, which can make decks built around flurries of shivs. Over the course of the run, we accidentally settled into a strategy where I focused on applying the Vulnerable status to as many enemies as possible before my wife would rain down shivs upon our foes.

Slay the Spire II doesn’t encourage teamwork only in battles. At a campfire rest stop, you can choose to mend a friend’s health to help them out. (Some of the new enemies are tough, so I’m glad this is an option.) You each get a vote on which path to take next on the map. Everyone can draw on the map, too — as I learned many times after seeing the doodles my wife made when I would spend too long in the shop.

Since we had to communicate so much, our winning run took about an hour and a half, slower than how fast I could blast through runs in the first game. When we finally defeated the Act 3 boss, though, it was even more satisfying than most of my solo wins because we did it together. My one complaint is that co-op requires you to each play online on your own copy of the game, and that, because there’s no couch co-op, we each had to play on separate devices even though we were sitting on the couch right next to each other.

Those are annoying tradeoffs, but multiplayer is such a fun addition to Slay the Spire that I don’t mind. I can’t wait to try another multiplayer run and see what challenges — and doodles — are in store for me.