Many Instagram users have received multiple password requests, but the photo/video-sharing platform wants everyone to know that everything is fine.
While Instagram is saying there is nothing to see here after users got suspicious requests to reset their passwords, Malwarebytes, an antivirus software company, claimed there was a data breach that revealed 17.5 million Instagram users’ sensitive information.”
According to the antivirus company, the leaked information included usernames, phone numbers, physical addresses, email addresses, and more.
But Instagram is denying Malwarebytes’ reporting, stating there was no breach and that user accounts were “secure.”
In a post shared on X, formerly Twitter, Instagram claimed it “fixed an issue” that allowed an “external party to request password reset emails for some people,” while also doubling down and saying “there was no breach.”
Interesting.
Malwarebytes also claims that the “data is available for sale on the dark web and can be abused by cybercriminals.”
According to an email from the antivirus software company to its customers, it claims to have found the breach during a routine dark web scan related to another incident involving Instagram API exposure in 2024.
While Instagram is trying to dismiss the “breach claims,” it’s no surprise, given people’s skepticism, especially after Instagram’s parent company, Meta (formerly Facebook), has been known for data breaches.
Yeah, you might wanna turn on two-factor authentication and change that password.
You can see more reactions below.
