Instagram has confirmed that its internal systems were not compromised and stated that recent password reset emails received by some users were the result of an external actor exploiting an issue that has since been resolved.
The company emphasized that user accounts remain secure and advised recipients to disregard any unexpected password reset notifications.
This clarification follows reports of a large dataset allegedly containing information linked to approximately 17.5 million Instagram accounts being advertised on cybercrime forums. The dataset, believed to have been scraped in 2024, reportedly includes usernames, email addresses, phone numbers, and partial location details, raising concerns about potential account misuse and targeted phishing activity.
In a public statement, Instagram said it corrected a flaw that allowed an external party to trigger password reset emails for certain users. The company stressed that there was no breach of its systems and reaffirmed that affected accounts were not accessed or taken over. According to Instagram, the issue enabled the sending of legitimate reset prompts without granting attackers the ability to change passwords or log in. While disruptive, the behavior was limited to generating reset emails and did not result in unauthorized account access.
Instagram advised users that unsolicited password reset emails received during this period can be safely ignored.
Despite the company’s assurances, security specialists continue to recommend enabling two-factor authentication, using strong and unique passwords, and remaining alert to phishing messages that may reference recent security incidents.
The appearance of the password reset issue alongside the circulation of the 17.5 million record dataset has prompted questions about whether exposed contact details were used to target specific accounts. Although Instagram maintains that its core infrastructure was unaffected, experts note that large-scale data scraping combined with minor platform weaknesses can create significant security concerns and erode user trust.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
