Instagram Says There’s Been ‘No Breach’ Despite Password Reset Requests
Instagram says there has been no data breach after users received unexpected password reset emails, blaming the issue on a flaw in an external request.
Instagram says it has not experienced a data breach, despite some users reporting receiving suspicious password reset emails.
The statement appears to contradict a post shared on Friday on Bluesky by cybersecurity firm Malwarebytes. The post included a screenshot of an email purportedly from Instagram notifying users of a password reset request. Malwarebytes claimed that “cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.”
The firm further stated that the data was allegedly being sold on the dark web and could be exploited for malicious activity.
Instagram later responded publicly, posting an update on X rather than on Instagram or Threads. The company said it had “fixed an issue that let an external party request password reset emails for some people.”
We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure.
You can ignore those emails — sorry for any confusion. — Instagram (@instagram) January 11, 2026
Instagram did not provide additional details about the external party or the nature of the issue. Still, it concluded its statement by telling users, “You can ignore those emails — sorry for any confusion.”
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
