Instagram has said it was not breached after users received unexpected password reset emails, as claims circulated online that millions of accounts had been compromised.
Malwarebytes Claim And User Reports
Antivirus firm Malwarebytes posted on Bluesky on Friday that cybercriminals had obtained sensitive information from 17.5 million Instagram accounts. The company shared a screenshot of an email that appeared to come from Instagram, notifying a user of a password reset request. Malwarebytes said the stolen data included usernames, physical addresses, phone numbers, and email addresses, and that the information was being offered for sale on the dark web.
The post warned that the data could be abused by cybercriminals.
Instagram Response
Instagram later posted a statement on X saying it had fixed an issue that allowed an external party to trigger password reset emails for some users. The company said the problem did not involve a breach of its systems. Instagram did not identify the external party or explain how the issue occurred.
The statement said users could ignore the password reset emails and apologised for the confusion.
Featured image credits: Wikimedia Commons
For more stories like it, click the +Follow button at the top of this page to follow us.