- Meta says Instagram password reset emails were triggered by mistake, not a systems breach
- Malwarebytes reported that 17.5 million account details were leaked, possibly from previous API incidents (2022 or 2024).
- Hackers sharing authentic data increases phishing risks; Users are advised to check information directly on meta sites.
Some Instagram users have received unsolicited password reset emails, but the company says it has not experienced a data breach.
Parent company Meta issued a statement saying this was not a data breach and that the accounts were not at risk at all. Instead, it claims that this is a bug that allowed third parties to trigger password reset emails, and that’s it.
“We fixed an issue that allowed a third party to request password reset emails for some Instagram users,” a Meta spokesperson said. “We want to reassure everyone that there was no breach of our systems and that people’s Instagram accounts remain secure. People can ignore these emails and we apologize for any confusion this may have caused.”
When was it stolen?
This follows recent reports from Malwarebytes claiming that unidentified thread actors had stolen data from 17.5 million Instagram accounts.
The stolen data allegedly included user IDs, usernames, email accounts, phone numbers, names, and postal addresses. According to researchers, the data ended up on “numerous hacking forums,” where it was said to have come from a 2024 Instagram API leak.
However, not everyone agrees with this assessment. Some researchers believe that the data was in fact obtained during the 2022 API mining incident. Meta, on the other hand, says it knows nothing of any API incidents in 2022 or 2024.
Regardless of whether the data was stolen in 2022, 2024, or 2026, the fact that hackers are sharing authentic user data on the dark web should be cause for enough concern. With so much information, cybercriminals can send convincing phishing emails, tricking users into sharing their Instagram login credentials, or even those for Facebook and WhatsApp.
To protect yourself against possible attacks, it would be best to simply ignore all emails claiming to come from Meta or its companies and directly verify all information on the respective websites.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
