If you opened your inbox recently to find a flood of password reset requests from Instagram, you aren’t alone. A major security scare is currently swirling around the social media giant, leaving millions of users wondering if their personal information is safe.
The security company Malwarebytes sparked concern after reporting a massive data breach. According to their researchers, hackers stole the sensitive details of 17.5 million Instagram users. This includes usernames, phone numbers, email addresses, and even physical home addresses. Malwarebytes found this information for sale on the dark web during a routine scan. They believe the leak stems from a problem with Instagram’s software tools back in 2024.
Instagram, however, says there is no reason to panic. The company flatly denied that any breach occurred. They explained that a bug allowed an “external party” to trigger those reset emails for a large group of people, but they claim the issue has already been fixed. On their official X account, Instagram told users that their accounts remain secure and advised everyone to ignore the suspicious reset emails.
While Instagram insists its systems are tight, the company’s parent, Meta, has a rocky history when it comes to protecting user data. Whether this was a full-blown breach or just a glitch, the situation serves as a loud wake-up call. Security experts warn that even if the “leak” isn’t as bad as reported, cybercriminals can still use these distractions to launch phishing attacks. They might send fake messages to trick you into handing over your actual password while you are distracted by the reset notifications.
To stay safe, you should lock down your profile. Turn on two-factor authentication so that a hacker needs more than just a password to get in. You should also head over to the Meta Accounts Center to review your logged-in devices. If you see a phone or computer you don’t own, log out immediately. Changing your password to something unique is also a smart move.
