Instagram says that although some users have received password reset requests that appear suspicious, they have not been breached.
That seems to contradict it The post was Bluesky from the antivirus software company Malwarebytes, which shared a screenshot of an email from Instagram informing users of a request to reset their password. The post said, “Cybercriminals stole sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.”
This data, Malwarebytes added, “is available for sale on the dark web and can be misused by cybercriminals.”
However, Instagram is next sent (in X, rather than Instagram or Thread) which has “fixed an issue that allowed external parties to request password reset emails for some people.”
The company did not elaborate on the external party or the specific issue, but the post concluded, “You can ignore the email – sorry for any confusion.”