CoreTechDaily

Instagram Addresses Password Reset Emails Amid Data Breach Claims

Instagram reassures users that recent password reset emails were due to an error, not a data breach, while advising caution against phishing attempts.

Published Jan 12, 2026
Tags:data breachpassword resetMetaphishingInstagram
Instagram Addresses Password Reset Emails Amid Data Breach Claims
  • Meta clarifies that Instagram password reset emails were sent in error, not due to a system breach.
  • Malwarebytes reported a leak of 17.5 million account details, potentially from past API incidents.
  • With authentic data circulating, users are warned to verify information directly on Meta's platforms.

Numerous Instagram users have reported receiving unsolicited password reset emails. However, Meta has stated that there has been no data breach.

The parent company, Meta, has confirmed that the situation was caused by an error allowing third parties to trigger these emails, ensuring that accounts remain secure.

"We fixed an issue that allowed an external party to request password reset emails for some Instagram users," a Meta spokesperson explained. "We want to reassure everyone there was no breach of our systems and people's Instagram accounts remain secure. People can disregard these emails and we apologize for any confusion this may have caused."

When was it stolen?

This announcement follows reports from Malwarebytes indicating that unidentified threat actors may have compromised data from 17.5 million Instagram accounts.

The compromised data reportedly includes user IDs, usernames, email addresses, phone numbers, names, and postal addresses. Researchers suggest this data surfaced on various hacking forums, allegedly sourced from a 2024 Instagram API leak.

However, some experts argue that the data may have originated from a 2022 API scraping incident. Meta, on its part, claims to have no knowledge of any API incidents in 2022 or 2024.

Regardless of the timeline, the fact that hackers are distributing real user data on the dark web raises significant concerns. Such information can enable cybercriminals to craft convincing phishing emails, potentially tricking users into revealing their Instagram, Facebook, or WhatsApp login credentials.

To safeguard against potential threats, users are advised to ignore any emails purportedly from Meta or its subsidiaries and to verify all information directly on the official websites.

Via BleepingComputer

Related Posts

US Senators Urge Apple and Google to Remove X and Grok Apps Over Controversial Image Generation

Jan 13, 2026

US Senators Urge Apple and Google to Remove X and Grok Apps Over Controversial Image Generation

US Senators have urged Apple and Google to take action against Grok for generating explicit images of women and children.

Meta Deletes Over 500,000 Teen Accounts in Australia Amid Social Media Ban

Jan 12, 2026

Meta Deletes Over 500,000 Teen Accounts in Australia Amid Social Media Ban

Meta has removed more than 500,000 accounts of under-16s in Australia as part of a new social media ban, but questions remain about its effectiveness.

BreachForums Data Breach Exposes 324,000 User Accounts

Jan 12, 2026

BreachForums Data Breach Exposes 324,000 User Accounts

A significant data breach at BreachForums has revealed usernames and IP addresses of nearly 324,000 users, though many IPs are not useful for identification.

Illinois Agency Exposes Personal Data of Over 700,000 Individuals

Jan 8, 2026

Illinois Agency Exposes Personal Data of Over 700,000 Individuals

A significant data breach occurred due to a mistake by the Illinois Department of Human Services, affecting over 700,000 individuals.