- Meta says Instagram password reset emails were triggered by an error, not a systems breach
- Malwarebytes reported 17.5 million account detail leaks, likely from past API incidents (2022 or 2024).
- Hackers sharing authentic data increase phishing risks; Users are advised to verify information directly on Meta sites
Some Instagram users have received password reset emails without asking for them, but the company says it has not suffered any data breaches.
Parent company Meta released a statement saying this was not a data breach and that accounts were not at risk. Instead, it claims it was an error that allowed third parties to trigger password reset emails, and that’s it.
“We fixed an issue that allowed an external party to request password reset emails for certain Instagram users,” a Meta spokesperson said. “We want to reassure everyone that there has been no breach of our systems and that people’s Instagram accounts remain secure. People can ignore these emails and we apologize for any confusion this may have caused.”
When was it stolen?
This follows recent reports from Malwarebytes claiming that unidentified actors stole data from 17.5 million Instagram accounts.
The stolen data is believed to include user IDs, usernames, email accounts, phone numbers, names and postal addresses. According to the researchers, the data ended up on “many hacking forums”, where it was said to come from a 2024 Instagram API leak.
However, not everyone agrees with this assessment. Some researchers believe the data was actually seized during the 2022 API scraping incident. Meta, on the other hand, claims to know nothing about API incidents in 2022 or 2024.
Whether the data was stolen in 2022, 2024, or 2026, the fact that hackers are sharing genuine user data on the dark web should be concerning enough. With so much information, cybercriminals can launch convincing phishing emails, tricking users into sharing their Instagram login credentials, or even those of Facebook and WhatsApp.
To protect against potential attacks, it would be best to simply ignore all emails claiming to be from Meta or its companies, and directly double-check all information on the respective websites.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
