A major social media platform is once again facing a data breach crisis. On the dark web BreachForums, a seller named Solonik posted a data package containing information on 17.5 million Instagram users, including phone numbers, email addresses, and even precise home location coordinates. The cybersecurity team Malwarebytes has confirmed the authenticity of the data—although the package is not password-protected, this information is enough for malicious actors to build a "targeted hunting list."

What will happen next? If you've been receiving frequent "Instagram password reset" notifications recently, don't rush to blame system glitches. This is most likely a hacker's probing. They usually start by using your email to trigger the official "forgot password" process, confirming that the account exists and planting anxiety in your mind. When you're overwhelmed, an email that appears to be from official customer support arrives—containing an enticing link that, when clicked, hooks you.

This tactic has already caught some people in social circles. Phishing emails often ask you to re-verify your identity, update payment information, or "confirm account security," but in reality, they are collecting more personal data or directly stealing login credentials. The risk is especially amplified for those who have linked this email to exchanges or wallets. Hackers may seize the opportunity to infiltrate your crypto asset accounts.

A few self-protection tips: When you receive a password reset notification, stay calm—log in directly through the official app instead of clicking links in emails; use different emails and phone numbers for different accounts to prevent a leak from affecting all; enable two-factor authentication on exchange and wallet accounts; regularly check login records and linked device lists. Such large-scale data breaches happen frequently, so staying vigilant is always beneficial.