Technology
Instagram password reset surge: Protect your account
NEWYou can now listen to Fox News articles!
If your inbox suddenly shows an Instagram “Reset your password” email you never requested, you are not alone. A wave of unexpected reset messages is hitting people right now, and attackers are betting you will panic, click fast and make a mistake.
Here is the tricky part. Many of these emails are real. They can come directly from Instagram because someone triggered the legitimate password reset flow. That makes the alert feel extra convincing, even when you did nothing wrong.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
FACEBOOK, INSTAGRAM ARE USING YOUR DATA TO TRAIN AI: LEARN HOW TO PROTECT IT
Unexpected Instagram password reset emails can look completely legitimate, which is why so many users are caught off guard during this surge. (Cyverguy.com)
Why Instagram password reset emails are surging
This surge is happening because the reset emails themselves can be real, even when the intent behind them is not. Instead of building fake phishing pages or using malware, attackers take advantage of Instagram’s normal account recovery system.
The process is simple. An attacker enters your username or email into Instagram’s real password reset form. Instagram automatically sends a legitimate reset email to you. The attacker then waits to see how you react.
At this point, your account has not been hacked. The risk comes from what happens next. Attackers are counting on common mistakes, such as clicking the reset button and rushing through the process, reusing a weak password, getting redirected to a fake follow-up page or falling for a second scam email that arrives soon after.
That is why this tactic works as a stress test. It creates urgency and pressure, even though nothing has been compromised yet.
Why attackers love this tactic
This is classic social engineering. The attacker does not need to outsmart Instagram. They need to outsmart you in a stressed moment. A reset email creates urgency. It also feels official. That combination leads people to click first and think second, which is exactly the outcome attackers want. You can treat these surprise reset emails as an early warning system. If you get one:
- Someone may know your username or email
- Your account could be on a target list from a leak or scrape
- Your current security setup will decide whether this stays annoying or turns into a takeover
If an email pressures you to act immediately, threatens account deletion or asks for extra information, treat it as suspicious.
The BreachForums leak connection
The timing of this surge has raised fresh concerns. Reports point to data tied to roughly 17.5 million Instagram accounts being shared on BreachForums, an underground forum where cybercriminals trade and discuss stolen data. The alleged post appeared in early January 2026, which lines up with when many users began reporting a sudden wave of password reset emails, sometimes receiving several in a short period of time.
This timing alone does not prove a direct connection. However, leaked usernames or email addresses can make it much easier for attackers to target large numbers of accounts at once, which is exactly what this kind of reset spam depends on. We reached out to Meta for comment but did not receive a response before our deadline.
We reached out to Meta for comment, and a spokesperson for the company told CyberGuy, “We fixed an issue that allowed an external party to request password reset emails for some Instagram users. We want to reassure everyone there was no breach of our systems and people’s Instagram accounts remain secure. People can disregard these emails and we apologize for any confusion this may have caused.”
How to tell if the reset email is legitimate
A legitimate Instagram reset email can still be part of an attack attempt. So your goal is not “confirm it is real,” it is “avoid reacting in a risky way.” Instagram’s own guidance boils down to this:
- A reset email alone does not mean your account is compromised
- If you did not request it, do not use the link
- Use Instagram’s official paths in the app to review security and report suspicious messages
Also, if you get emails about changing your account email address, Instagram says those messages can include a way to reverse the change, which can help you recover if someone broke in.
These real-looking messages are designed to create urgency and push people to click before slowing down and checking their account security. (Cyverguy.com)
What a real Instagram password reset email looks like
A legitimate reset email usually has these elements:
- Sender: Comes from an official Instagram domain, such as security@mail.instagram.com
- Subject line: Often says “Reset your Instagram password” or “Password reset request”
- Instagram branding: Logo at the top with clean formatting
- Call to action button: A button like “Reset Password”
- Reassurance text: A line explaining that if you did not request this, you can ignore the email and nothing will change
- Safety option: Language telling you how to report the email if you did not initiate it
This is why the current surge is so effective. The emails look normal and arrive from real Instagram systems.
META ENDS FACT-CHECKING PROGRAM AS ZUCKERBERG VOWS TO RESTORE FREE EXPRESSION ON FACEBOOK, INSTAGRAM
What Instagram reset alerts can look like inside the app
You may also see security messages directly in Instagram, such as:
- Login attempt alerts
- Notifications about a password reset request
- Prompts asking you to confirm a login from a new device
These in-app alerts are generally safer to interact with than email links, especially during a surge.
What scammers rely on
Attackers are counting on one thing: panic. When users see a reset email they did not request, many rush to click before reading the fine print. That fast reaction is what turns a harmless reset request into a real account takeover.
What to do right now if you get a reset email you did not request
So, what should you do if one of these password reset emails lands in your inbox? Take a breath first. Then do this.
1) Do not click the button in the email and use strong antivirus software
Even if the message looks real, treat it like a hot surface. If you want to change your password, do it from the Instagram app or by typing Instagram’s address into your browser yourself. Strong antivirus software adds another layer of protection here. It can help block malicious links, fake login pages and follow-up scams that often appear during a reset email surge.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
2) Check your Instagram security activity in the app
Open Instagram and look for signs someone tried to log in:
- Unknown devices
- Login alerts you do not recognize
- Changes to email, phone number or linked accounts
If anything looks off, remove the device and update your credentials.
3) Turn on two-factor authentication (2FA) and keep it on
Two-factor authentication (2FA) is the biggest roadblock for account takeover. Even if someone knows your password, they still need your code to get in from an unfamiliar device. Instagram has pushed 2FA heavily for higher-risk accounts and urges users to enable it. Use an authenticator app if you can. It is often safer than SMS.
4) Change your password if you feel unsure
If you suspect someone guessed your password, or you reused it elsewhere, change it. Make it long and unique. A password manager can help you generate and store strong passwords without reusing them. Then update the password on your email account too. Your email inbox controls most password resets, so make sure it also uses a strong, unique password.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
5) Use a data removal service to reduce targeting
Password reset surges often follow data leaks. When your email address and personal details appear on data broker sites, attackers can target you more easily. A data removal service helps limit where your information shows up online. By shrinking your digital footprint, you reduce the chances of being singled out during large-scale reset email attacks.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
The safest response is to avoid email links, open the Instagram app directly and review login activity and security settings instead. (Kurt “CyberGuy” Knutsson)
6) Watch for follow-up scams
After a reset surge, criminals often switch tactics. Next, you may see:
- Fake “Instagram Support” emails
- DMs claiming your account will be deleted
- Login approval prompts you did not trigger
Slow down and verify everything inside the app.
Kurt’s key takeaways
A spike in Instagram password reset emails feels scary because it looks like someone is already inside your account. Often, they are not. Still, the surge is a reminder to tighten your basics. Use the app to check security. Turn on two-factor authentication. Change the passwords you reused. Most importantly, do not let an unexpected email rush you into the one click that hands over access.
Have you received an unexpected Instagram password reset email recently, and how did you handle it? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
Google’s Nest Thermostat has hit its best price of the year
If you’re looking for a relatively affordable way to cut down on cooling costs, Google’s Nest Thermostat can help. It’s packed with smart controls and energy-saving features, and right now it’s on sale in white for $79 ($50 off), which is its best price of the year, at Amazon.
The smart thermostat is quick to install and makes it easy to adjust your home’s temperature whether you’re relaxing in bed or on your way home thanks to the Google Home app. You can also create schedules and control it with your voice using Google Assistant, Alexa, or another Matter-compatible voice assistant.
Once it’s set up, the Nest Thermostat can automatically turn the temperature down when you’re away to help reduce unnecessary energy use, while Google’s Savings Finder feature suggests additional ways to save over time. It also monitors your HVAC system and can alert you if something doesn’t seem right, making it easier to stay on top of maintenance before small issues become bigger, more expensive ones. If you’re eligible, Nest Renew can also automatically shift some of your heating and cooling to times when electricity is cleaner or cheaper.
That said, this is Google’s entry-level model from 2020, so you do miss out on some of the premium features found on the latest Nest Learning Thermostat. Unlike the flagship version, it won’t learn your schedule automatically over time, for example, and lacks support for Nest Temperature Sensors that let you prioritize the temperature in a specific room. Even so, if all you want is an easy way to adjust your home’s temperature remotely and potentially lower your energy bills, the Nest Thermostat is still a solid investment at this price.
Technology
Medical identity theft follows you into the doctor’s office
NEWYou can now listen to Fox News articles!
The Justice Department recently charged 455 people in its annual National Health Care Fraud Takedown. The cases involve more than $6.5 billion in alleged false claims. More state Medicaid units took part than in any prior year. Ninety of the accused are doctors or other licensed medical professionals. The DOJ says prosecutors still must prove the charges in court.
Many schemes used other people’s medical identities. Prosecutors also added aggravated identity theft charges in cases across dozens of states. In one case, the co-owner of a Virginia mental health company allegedly paid homeless people with hotel stays. Prosecutors say the company used their Medicaid numbers, then billed Medicaid for crisis services the patients never got.
For the people whose numbers got used, the case file may eventually close. Their medical records may not be so easy to fix. Once someone else’s treatment shows up under your name, it can add wrong information to your chart. It can also use up insurance benefits you may need later. That is harder to undo than canceling a credit card.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
DR OZ WARNS MEDICARE SCAMMERS ARE STEALING BILLIONS — AND YOUR PERSONAL INFORMATION COULD BE NEXT
Medical identity theft can put someone else’s claims, prescriptions or diagnoses into your health records, creating problems that can follow you into a doctor’s office. (iStock)
The identity thief’s treatment gets written into your file
Medical identity theft happens when someone uses your name, Social Security number (SSN), health insurance account number, or Medicare number to see a doctor, fill a prescription, buy medical equipment, or submit a claim, according to the Federal Trade Commission (FTC).
When care is billed under your name, the thief’s health information can blend into yours. The FTC warns that mixed records can affect the care you’re able to get and the benefits you are able to use. A blood type, a drug allergy, a diagnosis, or a prescription that belongs to a stranger can sit in the file a physician reads before treating you.
Data breaches can feed the market for medical identity theft
Hospitals and insurers hold the exact records that make the fraud work, and those records are stolen often. This does not mean every healthcare breach leads to fraud. However, it explains why your insurance number, Medicare number, SSN and medical records can become valuable long after a breach notice arrives.
This spring, NYC Health + Hospitals reported that an intruder had copied files that may have included health insurance information, medical information, biometric data, billing data and other personal information. The breach was later reported to affect roughly 1.8 million current and former patients and employees.
Once a name, SSN, insurance number, Medicare number or medical record reaches a criminal marketplace, it can be resold to operators who bill under someone else’s identity.
Treat your insurance card like a credit card
Your health insurance and Medicare numbers are what these operations need, so the FTC recommends guarding them the way you would a payment card.
- Keep enrollment forms, benefit statements, and prescription labels somewhere secure, and shred them before throwing them out.
- When a doctor’s office asks for your SSN, ask whether it can use another identifier or the last four digits instead.
- Be wary of anyone who calls, texts, or emails offering free braces, genetic tests, or medical supplies in exchange for your Medicare number; several of the schemes in the June takedown billed Medicare for exactly those items.
- If you are on Medicare, create or log in to your secure Medicare account and review your claims. You can also check your Medicare Summary Notice for services, supplies or equipment you do not recognize. If something looks wrong, call 1-800-MEDICARE.
HOSPICE FRAUD USES STOLEN IDENTITIES FOR FAKE PATIENTS
Experts urge patients to treat insurance cards like credit cards and quickly challenge unfamiliar medical bills, claims or benefits notices. (iStock)
Your credit report may never flag this fraud
Because a fraudulent medical claim runs through insurance and provider systems instead of a credit check, it skips the alerts most people rely on.
Here’s what the FTC says you should look out for:
- A bill or an Explanation of Benefits (EOB) statement for care you never received
- A call from a debt collector about a medical debt you do not owe
- A medical collection you do not recognize on your credit report
- A notice from your insurer that you have reached your benefit limit
- A Medicare Summary Notice that lists services, supplies or equipment you never received
What to do first if a medical claim looks wrong
If a bill, EOB or Medicare notice shows care you never received, move quickly and keep everything in writing.
1) Call your insurer or Medicare directly
Call your insurer or Medicare using the number on your card, not a number from a random text, email or voicemail.
2) Get the claim details
Ask for the provider name, date of service, claim number and service details.
3) Request the records in writing
Contact the provider in writing and request the medical or billing records tied to that claim.
4) Report the error
Report the error to your insurer’s fraud department.
5) File an identity theft report
File a report at IdentityTheft.gov if your medical identity was used. That gives you a recovery plan and documentation you may need if fraudulent bills or collections show up later.
6) Save every document
Keep copies of every bill, EOB, letter, portal message, police report and case number.
Correcting a medical file is slower than disputing a charge
Request your records from every provider, clinic, pharmacy, lab and insurer the thief may have used, then report each error in writing. Under HIPAA, a provider generally has 30 days to give you access to your records after a written request, with a possible 30-day extension.
Fixing the record itself can take longer. HHS says a covered provider or health plan usually has up to 60 days to act on a request to amend a medical record, with a possible 30-day extension in certain cases. If the provider or plan created the wrong information, it must amend inaccurate or incomplete information.
There’s one catch, though: a provider may refuse to release records that now contain a stranger’s information, citing that person’s privacy. If that happens, ask for the provider’s privacy officer or patient advocate. You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights if you do not get your records or an explanation within the required window.
TEXAS DATA BREACH HITS 3M LICENSE CUSTOMERS
Stolen Medicare, Medicaid or insurance numbers can be used to bill for care, medical equipment or prescriptions patients never received. (kali9/Getty Images)
A credit freeze alone won’t stop a claim under your insurance
A freeze blocks new accounts, but it does nothing about a claim filed with your insurance number. Because medical identity theft can move without touching your credit file, monitoring where your personal information appears is the earliest way to act on it.
An identity theft protection service can monitor the dark web, data broker sites and people-search sites for exposed SSNs, driver’s license numbers, medical ID numbers and email addresses. It can also track all three credit bureaus for medical collections that may follow and flag public-record changes tied to your name.
If misuse happens, some services include fraud resolution support to help you request records, dispute fraudulent claims and work with providers, insurers and credit bureaus. Some plans also include identity theft insurance for eligible recovery costs.
No service can prevent every misuse of your medical identity. However, ongoing monitoring may flag exposed information before another person’s treatment reaches your records and your insurance.
See my tips and best picks on Best Identity Theft Protection at CyberGuy.com.
Kurt’s key takeaways
Medical identity theft hits in a place most of us rarely check: our health records. A stolen credit card can usually be canceled quickly. A stolen Medicare or insurance number can create fake claims, wrong diagnoses and benefit headaches that follow you long after the fraud case ends. I would not wait for a credit alert here. Check your EOBs, Medicare Summary Notices and insurer portals for visits, prescriptions or equipment you never received. Also, treat your insurance card like a payment card. Do not give the number to anyone who calls, texts or emails out of nowhere with a free offer. The most important thing is to act fast. Call your insurer or Medicare, ask for the claim details and request your medical records in writing. Then file at IdentityTheft.gov, so you have the paperwork you need if fraudulent bills or collections show up later.
Have you ever spotted a medical bill, insurance claim or EOB for care you never received? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Technology
Meta is reportedly working on smart glasses that would be recording all the time
Meta might be the next company to make an always-on AI wearable. The company is working on prototype “super sensing” always-aware smart glasses that could continuously record audio and snap photos “every few seconds,” according to the Financial Times. The wearer could then ask Meta AI about the captured audio and images.
However, the images and audio might not be directly available to the user. Here’s how the FT describes one way the glasses could use the data:
In one proposed system, raw footage and audio would not be stored by Meta or made available to the user, several people said. Instead, the metadata from that audio and images would be extracted and uploaded to the server for Meta’s AI to query, which proponents argue would have fewer privacy implications.
But currently, Meta is planning for the LED recording indicator to remain off in “super sensing” mode, the FT reports. In a July 2025 whitepaper, the company said that it would reserve the LED indicator for “active capture” scenarios where the user is saving photos or videos, and leave it off during “AI Feature” use — such as scanning a menu — to avoid users becoming too used to the indicator. (If the indicator was on during the “super sensing” mode, it might also be harder to know when the glasses are actually recording video.)
Meta is also discussing if it would use the captured data for training its AI models. It may also bring the “super sensing” features to glasses it has already released, the FT says.
“While we don’t comment on internal prototypes, we’re committed to getting our glasses right because they need to be loved by both people wearing them and those around them,” Meta spokesperson Dave Arnold says in a statement to The Verge. Arnold also notes that “Our approach has been to develop new technologies that will help people throughout their day, with privacy built in from the ground up.”
Meta hasn’t been shy about some type of always-aware glasses being a possibility. CEO Mark Zuckerberg, in the company’s Q1 2026 earnings call, said that he was “really excited to see the glasses evolve from being able to answer questions to being able to be a personal agent that’s with you all day long, helping you remember things and achieve your goals.” In a March blog post about new Ray-Ban Meta glasses, the company wrote that “with ongoing software updates, Meta AI on glasses will transition from something you have to prompt with a question each time, to a more continuous, in-the-moment assistant that can help throughout the day.”
-
Pennsylvania4 minutes agoPA state rep. wants to force the York State Fair to change its name
-
Rhode Island7 minutes agoR.I. leading multi-state lawsuit against Trump administration housing policy – The Boston Globe
-
South-Carolina12 minutes ago
SC is at the top for food waste in the nation. How you can make changes
-
South Dakota19 minutes agoPetition to clarify South Dakota proof of citizenship law shot down over technicality
-
Tennessee22 minutes agoTennessee State men’s hockey cancels 2026-27 inaugural season for second straight year
-
Texas27 minutes agoTed Cruz warns Talarico has ‘real chance’ to flip Texas’ U.S. Senate seat
-
Utah34 minutes agoMan suspected in 2006 Utah murder left suicide note in Las Vegas jail cell: police
-
Vermont37 minutes agoOUTDOOR ACCESS FOR DISABLED IN VERMONT