Instagram keeps sending you password reset emails either because someone (or a bot) is repeatedly trying to reset your password, or because those emails are generic “login help” messages that Instagram sends when its forms are abused or your address is tied to other accounts.

What’s probably happening

  • Someone is typing your email or username into “Forgot password”
    Bots and random users often hammer Instagram’s reset form, which triggers real reset emails to the address on file even if you never requested it.
  • Your username or email is attractive or easy to guess
    Short, “OG”, or common usernames get targeted a lot because people or bots hope to guess their way into high‑value accounts.
  • Another account might be using your email
    In some cases, an old, forgotten, or even someone else’s account was created with your email (for example via a stolen or reused device), so resets for that account land in your inbox.
  • It may not be a phishing scam, but always check
    Many people confuse real Instagram security emails with scams, but phishing emails also exist that mimic “Reset your password” messages to steal your login.

How to check if your account is under attack

  • Look at the “We got a request to reset your password” email closely:
    • Check the “To:” address to make sure it’s your actual email.
* Hover (don’t click) links and confirm they go to an official instagram.com domain.
  • Open the Instagram app or website and:
    • Go to Settings → Security → Login activity to see if there are logins from unknown locations or devices.
* If you see anything you don’t recognize, assume someone is trying to get in.

What you should do right now

  • Change your password to a strong, unique one
    Use something long and random that you do not reuse on any other site. This prevents anyone who has an old or leaked password from getting in.
  • Turn on two‑factor authentication (2FA)
    Enable 2FA in Instagram’s security settings so that even if someone guesses your password, they still cannot log in without a code from your phone or app.
  • Review and log out of suspicious sessions
    From Login Activity, log out of any devices or locations you do not recognize to cut off existing access.
  • Secure your email account too
    If someone controls your email, they can reset your Instagram password anytime. Set a strong email password and enable 2FA on your email as well.

If the emails won’t stop

  • Use the “Didn’t request this?” option (if visible)
    Some legitimate Instagram emails include a line or button like “If you didn’t request this, you can ignore this email or let us know.” Using that can help Instagram flag the activity.
  • Create an email filter/rule
    Many users who get constant reset messages set a rule that automatically archives or trashes emails containing phrases like “request to reset your Instagram password” so they never see the flood.
  • Consider using a less guessable email for Instagram
    Some people switch the email on their Instagram account to a complex, unguessable address specifically to avoid bots spamming the reset form for that email.

When to really worry

  • You see unknown devices or locations in Login Activity.
  • You receive “new login” or “your password was changed” emails that you did not trigger.
  • Your email security looks weak (old password, no 2FA, reused across sites), which means a hacker could jump from email to Instagram.

In those cases, lock everything down immediately (new passwords + 2FA everywhere) and use Instagram’s “Need more help?” / account recovery steps if you get locked out.

Information gathered from public forums or data available on the internet and portrayed here.