Over the weekend, Instagram users faced a scare when numerous individuals received unexpected password reset emails seemingly from Instagram. Initially thought to be phishing attempts, Mashable confirmed that many of these messages were indeed authentic. Instagram reported it had fixed a bug that enabled an outside party to send these unnecessary emails, reassuring users that no accounts were compromised and instructing them to delete the emails.

To look into the issue, Mashable analyzed the email for signs of phishing. The email came from [email protected], a verified address from Instagram, although users should remain cautious of similar fake addresses. The email’s footer was consistent with legitimate Instagram correspondence, and hovering over the “Reset password” link showed a real Instagram URL.

Phishing emails usually have mistakes, but this one was free from errors and accurately branded. Mashable confirmed the email’s legitimacy by comparing it to a user-initiated password reset email, discovering they were identical.

Instagram’s “Recent emails” feature, which usually tracks official communications, did not include these reset emails, which fueled initial doubts. Nevertheless, the emails were authentic, sent indirectly by a third party. Clicking the links was safe, although users are always advised to confirm email authenticity before proceeding.

For additional safety, users are encouraged to consult guides on recognizing phishing scams.