Meta's Instagram has denied its systems were breached after a large number of users reported receiving unsolicited password reset emails, sparking security concerns. The company stated it fixed an issue that allowed an external party to trigger the reset emails but assured users that their accounts remained secure and no data was compromised. Users were advised they could ignore the suspicious emails.
The wave of reset requests coincided with claims from cybersecurity firm Malwarebytes that data from approximately 17.5 million Instagram accounts was being sold on the dark web. This dataset allegedly included usernames, phone numbers, and email addresses. Meta has refuted that a system breach occurred and has not confirmed a connection between the password reset issue and the alleged data leak, which some researchers speculate may be from an older incident.