google.com, pub-8701563775261122, DIRECT, f08c47fec0942fa0
UK

Instagram denies breach after users receive password reset emails

Instagram denies breach after users receive password reset emails

Joe Regular,cyber reporterAnd

Liv McMahon,technology reporter

Getty Images A hand holds a smartphone showing Instagram on a background with a larger Instagram logo on the screenGetty Images

Instagram has denied being the victim of a data breach after many users received emails asking them to reset their passwords.

The firm said it fixed an issue that allowed an “external party” to enable the social media platform to send legitimate password reset requests to users.

Instagram said there was no breach of its systems and assured users that their accounts were safe.

However, some experts questioned this statement, with cybersecurity firm Malwarebytes claiming that the password reset emails were actually sent as a result of a hack.

“Cybercriminals stole sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more,” a post on

No further details were provided by the company, but the post was viewed more than 2.3 million times.

Malwarebytes told the BBC it believes the password reset emails are a direct result of an ongoing sale of private data on a hacker forum where a criminal claims to have the personal information of 17.5 million Instagram users.

The ad claims the data comes from a “leak” in 2024.

But some security researchers think it’s actually an old database compiled from data (like names and locations) that will be publicly viewable in 2022.

‘No violation’

The password reset emails, combined with the Malwarebytes warning, caused confusion among thousands of people on social media.

Instagram’s statement also raised questions.

“We fixed an issue that allowed an external party to request a password reset email for some contacts,” the company said.

“There was no breach of our systems.”

However, Instagram did not respond to the BBC’s questions about who the external party was that could send legitimate password reset requests on behalf of the company.

The emails caused some users on social media to worry that it was a scam or phishing attempt and designed to get more details.

However, the links in the email do not appear to be malicious and the password reset process the user is guided through appears to be legitimate.

But our advice, as always, is to go directly to the website or app to make changes to passwords and add extra protection.

A green promotional poster made up of pixelated black squares and rectangles moving inwards from the right. The text says:
Tags

Related Articles

M5 traffic LIVE: Motorway closed due to Storm Chandra flooding causing major delays | UK | News

M5 traffic LIVE: Motorway closed due to Storm Chandra flooding causing major delays | UK | News

January 28, 2026
Why Manchester Museum is showcasing thousands of artefacts of unknown origins in its new Africa Hub

Why Manchester Museum is showcasing thousands of artefacts of unknown origins in its new Africa Hub

December 20, 2025
Meta found in breach of EU law over ‘ineffective’ complaints system for flagging illegal content | Meta

Meta found in breach of EU law over ‘ineffective’ complaints system for flagging illegal content | Meta

October 24, 2025
Jihad Al-Shamie pledged allegiance to ‘Islamic State’ in 999 call

Jihad Al-Shamie pledged allegiance to ‘Islamic State’ in 999 call

October 8, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button