Last week, a wave of Instagram users reported receiving unexpected password reset emails, sparking fears of an Instagram data breach. The complaints triggered concerns about a large-scale data leak. On Friday, cybersecurity firm Malwarebytes linked the activity to a breach that allegedly exposed data from 17.5 million Instagram users worldwide.
Malwarebytes claimed that the leaked data included usernames, physical addresses, phone numbers, and email addresses. However, on Sunday, Meta refuted the reports suggesting that nearly 17 million Instagram accounts were exposed, asserting that its systems had not been breached and that user accounts remained secure.
Malwarebytes said, "Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more. This data is available for sale on the dark web and can be abused by cybercriminals."
A Meta spokesperson, speaking to Hindustan Times, denied the breach claims, stating that the company had fixed an issue that allowed external parties to trigger password reset emails for some Instagram users. Meta clarified that this did not involve unauthorized access to its accounts and assured users they could safely ignore the emails, apologizing for the confusion.
“We fixed an issue that allowed an external party to request password reset emails for some Instagram users. There was no breach of our systems, and people’s Instagram accounts remain secure,” the spokesperson said.
In response to the allegations, numerous Instagram users turned to social media to recount their experiences. One wrote on X, "I’ve been getting meta emails about changing my password the last like 2 weeks."
Another said, "I got the email that mine was accessed last night. Immediately changed my password."
A third added, "Can confirm, got 2 password resets and checked to see my stuff on the data breach, change your passwords."
Despite Meta's denial of a breach, cybersecurity experts urge users to stay vigilant. They recommend enabling two-factor authentication, refraining from clicking links in suspicious emails, and regularly reviewing security settings. As an added precaution, users could consider changing their passwords, particularly if they've received similar emails.