Instagram Says “No Breach” After Suspicious Login Warnings

Instagram Says “No Breach” After Suspicious Login Warnings

Instagram says its systems were not breached, even after many users received unexpected password reset emails. The company claims the issue caused confusion but did not expose user data.

Reports surfaced after users received emails saying someone had requested a password reset on their Instagram accounts. That raised immediate concern, especially for people who had not tried to log in or change their passwords.

Don’t miss the best of The Mac Observer

Set us as a preferred source and our Apple reporting ranks higher in your Google Search results and Discover feed — one tap, no account changes.

Or get it by email

Malwarebytes claimed, “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.” It also said, “This data is available for sale on the dark web and can be abused by cybercriminals.”

Instagram’s response

Instagram responded soon after, posting a statement on X.

The company said, “We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure.”

Instagram added, “You can ignore those emails, sorry for any confusion.”

The company did not explain who the external party was or how the issue happened. It also did not confirm any link to the claims made by Malwarebytes.

At this point, Instagram says that no user data was stolen and that the problem only involved password reset requests being triggered improperly. Malwarebytes, meanwhile, continues to claim that user data is circulating online.

Discussion

Join the discussionCommenting as a guest — your email is never published · Log in

Protected by Akismet — be kind, stay on topic.

This site uses Akismet to reduce spam. Learn how your comment data is processed.