Comment by selfwealth

It may be irrelevant, but yesterday, I received the following email:

"Hi xxx,

The phone number +963xxxxxxx was added to your Instagram account at 18:11 (PDT) on Sunday, May 31 2026.

If you didn't add a phone number, you can secure your account here."

This is notably different from the standard message that I get when I change my phone number the normal way: "Someone tried to modify settings on your Instagram profile.

If this was you, use the following code to confirm your identity:"

Thankfully, I was able to recover it (still can't log in to threads for some reason), but people should be aware of an ongoing exploit that allows them to switch recovery methods without authentication.