Many Instagram users have recently reported a surge in password reset notifications following claims from Malwarebytes about a potential data breach involving 17.5 million accounts. Although Instagram denies any system compromise and maintains that accounts are secure, the incident has prompted renewed warnings regarding digital security and account protection.

Reports surfaced recently when the antivirus firm Malwarebytes announced it had detected a significant leak of Instagram user data on the dark web. The company claimed the exposed information included sensitive details such as usernames, physical addresses, phone numbers, and email addresses. According to the firm, this data was likely sourced from an API exposure dating back to 2024. They warned that such information could be exploited by cybercriminals for phishing schemes or full account takeovers.

The widespread nature of the report coincided with a massive influx of password reset emails landing in the inboxes of many Instagram users. Malwarebytes suggested that this activity was a direct result of the leaked information being leveraged by external parties. The company emphasized that their routine dark web scans identified the data as being currently available for sale, which naturally caused significant concern among the platform’s massive global user base.

In response to the growing alarm, Instagram addressed the situation directly through a public statement on the social media platform X. The company clarified that they had identified and resolved a specific technical issue that allowed an external party to trigger password reset requests for certain accounts. They explicitly stated that no unauthorized access to their internal systems occurred and that the reports of a large-scale data breach were inaccurate.

Despite the firm denial from Instagram’s parent company, the official advice for concerned users is to disregard the unsolicited password reset emails. Instagram maintains that their security infrastructure remains intact and that the accounts themselves were never actually compromised. However, the incident has reminded many of previous data privacy challenges faced by Meta, leading some security experts to remain cautious about the company’s explanation of the event.

Regardless of whether a formal breach occurred, security professionals recommend that users take proactive steps to protect their digital presence. Enabling two-factor authentication and regularly updating passwords remain the most effective defenses against potential unauthorized access. Additionally, users are encouraged to utilize the Meta Accounts Center to review active sessions and ensure that no unrecognized devices are logged into their profiles.

Source: Instagram Says Accounts Are Secure After Surge in Password Reset Requests