Outlook Business Desk
Concerns around Instagram account safety surfaced after users across regions reported receiving password reset emails they did not request, raising fears of unauthorised access and sparking online speculation about a possible large-scale data breach.
Cybersecurity firm Malwarebytes alleged that information connected to around 17.5 million Instagram users globally had been exposed, claiming the data was listed for sale on the dark web, raising serious concerns about user privacy and account security.
According to Malwarebytes, the data allegedly exposed included Instagram usernames, email addresses, phone numbers and, in some instances, physical addresses, which the firm said could be misused by cybercriminals if the claims prove to be accurate.
Multiple Instagram users reported on social media platform X (formerly twitter) that they received unexpected password reset alerts and suspicious emails, leading many to update their passwords promptly and alert others amid rising concerns about potential account compromises.
With reports spreading, fears of a large-scale Instagram data breach intensified, prompting users to check breach databases, share concerns online, and worry that sensitive personal information might have been accessed without authorisation.
Rejecting breach claims, Meta stated that Instagram’s systems were secure and no user accounts were compromised, firmly disputing reports alleging widespread exposure of account data and reassuring users about the platform’s safety.
The company explained that a glitch let an outside party trigger password reset emails for some Instagram users, clarifying these messages were not signs of hacked accounts and offering an apology for any misunderstanding or concern.
Despite Meta’s statements, experts advise Instagram users to stay alert, refrain from interacting with suspicious emails, review security settings, and change passwords as a preventive measure if they notice unexpected password reset notifications.
To enhance account safety, Instagram recommends turning on two-factor authentication, clarifying that password reset alerts don’t always mean a breach, and encouraging users to ensure the security feature is active and functioning properly.