Instagram denies data breach, blames reset glitch
Instagram denied any security breach after some users received suspicious password reset requests, countering claims by antivirus firm Malwarebytes of data theft from 17.5 million accounts.
Malwarebytes posted on Bluesky on Friday, sharing a screenshot of an email from Instagram notifying users of a password reset request. The post stated verbatim, “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.” Malwarebytes further noted that this stolen data is available for sale on the dark web and can be abused by cybercriminals.
Instagram responded on X, formerly Twitter, announcing that it had fixed an issue allowing an external party to request password reset emails for some users. The company provided no details about the identity of the external party or the nature of the technical issue. Instagram’s post ended with the statement, “You can ignore those emails — sorry for any confusion.”