WASHINGTON (dpa-AFX) - Instagram (META) has insisted its systems were not breached after large numbers of users received unexpected emails asking them to reset their passwords.
The company said it had fixed an issue that allowed an outside party to trigger genuine password reset messages, but stressed that no internal systems were compromised and that user accounts remain secure.
That explanation has been challenged by Malwarebytes, which said the emails were linked to stolen data being traded on a hacker forum. The security firm claimed that information from 17.5 million Instagram accounts, including contact details, was being advertised for sale, though it did not provide further technical evidence. Its post on the issue has drawn millions of views online.
Malwarebytes later told the BBC it believes the reset emails were tied to this alleged data sale, with the seller claiming the material came from a leak in 2024. Other researchers are less convinced, suggesting the dataset may instead be older information scraped from public profiles in 2022.
The mixed messages have left many users confused. Instagram reiterated that the problem was limited to the misuse of its password reset feature and declined to say who was responsible for triggering the emails. While the links in the messages appear to lead to legitimate Instagram pages rather than phishing sites, the episode has unsettled users, some of whom feared they were being targeted by scammers.
Security experts continue to advise people to avoid clicking links in unsolicited emails and to change passwords directly through the app or official website, ideally with extra protection such as two-factor authentication enabled.
On Tuesday, Meta closed at $631.09, down 1.69%, and is trading higher after hours at $642.74, up 1.85%, on the NasdaqGS.
Copyright(c) 2026 RTTNews.com. All Rights Reserved




