Instagram reassures users after a massive wave of password reset requests: accounts are safe

By: Volodymyr Stetsiuk | today, 00:29

Security settings screens: your protection in the digital world

Security settings screens. Source: Meta

The social network Instagram recorded a large number of password reset requests sent via email. Many users received several such messages at once, which raised suspicions about a potential data leak.

What is known

The cybersecurity company Malwarebytes stated that it found a database with information on 17.5 million Instagram users on the darknet. According to researchers, the leaked data may include usernames, email addresses, phone numbers, and even physical addresses. It is also indicated that the leak is likely related to a vulnerability in the Instagram API that existed back in 2024.

Meanwhile, Instagram denies any security breaches. In an official post on X (formerly Twitter), the company noted that an external party might have sent password reset requests to some people, but Instagram's systems were not breached.

We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure.

You can ignore those emails — sorry for any confusion.
— Instagram (@instagram) January 11, 2026

"We fixed a problem that allowed an external party to request password reset emails for some users. There was no breach of our systems, and your Instagram accounts are secure. You can ignore those emails — sorry for any confusion," Instagram's message said.

Source: Meta

Facebook Safety and hackers