Instagram says its systems were not breached, even after many users received unexpected password reset emails. The company claims the issue caused confusion but did not expose user data.
Reports surfaced after users received emails saying someone had requested a password reset on their Instagram accounts. That raised immediate concern, especially for people who had not tried to log in or change their passwords.
Don’t miss the best of The Mac Observer
Set us as a preferred source and our Apple reporting ranks higher in your Google Search results and Discover feed — one tap, no account changes.
Malwarebytes claimed, “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.” It also said, “This data is available for sale on the dark web and can be abused by cybercriminals.”
Instagram’s response
Instagram responded soon after, posting a statement on X.
The company said, “We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure.”
Instagram added, “You can ignore those emails, sorry for any confusion.”
The company did not explain who the external party was or how the issue happened. It also did not confirm any link to the claims made by Malwarebytes.
At this point, Instagram says that no user data was stolen and that the problem only involved password reset requests being triggered improperly. Malwarebytes, meanwhile, continues to claim that user data is circulating online.
Discussion