Instagram denies breach after many receive emails asking to reset password

51 minutes ago Share Save Joe Tidy , Cyber correspondent and Liv McMahon , Technology reporter Share Save

Getty Images

Instagram has denied it has been victim to a data breach after many users received emails prompting them to reset their password. The firm said it had resolved a problem which allowed "an external party" to get the social media platform to send out legitimate password reset requests to users. Instagram said there had been no breach of its systems, and told users their accounts were secure. But some experts have questioned the statement, with cyber security firm Malwarebytes claiming the password reset emails had in fact been sent as a result of a hack.

"Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more," it claimed in a post on X, along with a screenshot of a password reset email from Instagram. No further details were given by the company, but the post has been viewed more than 2.3 million times. Malwarebytes told the BBC it believed the password reset emails were a direct result of an ongoing sale of private data on a hacker forum, where a criminal has claimed to have the personal details of 17.5 million Instagram users. The advert claims the data comes from a "leak" in 2024. But some security researchers think it is actually an old database that was gathered from data which could be publicly viewed - such as names and locations - in 2022.

'No breach'