SAN FRANCISCO— While millions of Instagram users globally have been expressing fear the social media platform had been breached and their data exposed, the company said that is not the case.
The worries arose after many users received unexpected password reset emails, followed by reports that millions of account records were now available online.
According to TechCrunch, the concern began after users in multiple countries said they were getting legitimate-looking security emails from Instagram telling them to reset their passwords, despite not initiating such requests. The unsolicited messages sparked widespread speculation on social media and in other forums.
At the same time, the cybersecurity firm Malwarebytes reported finding a dataset allegedly tied to about 17.5 million Instagram accounts being shared on dark-web forums, according to TechCrunch. The company said the information includes usernames, email addresses, phone numbers and, in some cases, partial physical addresses — though not account passwords — and warned that such details could be used for phishing, identity theft and targeted scams.
Data Posted on Sites
The report said the purported leak is believed to stem from an Instagram API exposure originally recorded in 2024, and the data was posted in early January on hacker forums, cybersecurity analysts told the publication.
Meta Platforms Inc., Instagram’s parent company, said in response that its systems have not been breached. In a post on X, Meta said the recent password reset emails were the result of a technical issue that allowed external parties to trigger reset requests, not a sign of unauthorized access to Instagram’s networks, and stressed that “there was no breach of our systems” and that user accounts are secure. The company urged users to ignore unsolicited reset emails.
