SECURITY
SECURITY
SECURITY
Instagram denies data breach after password reset emails spark leak claims
Meta Platforms Inc.-owned Instagram has denied it suffered a data breach after a wave of unsolicited password reset emails sparked claims that data from more than 17 million user accounts had been leaked.
Reports that Instagram had been breached first emerged after large numbers of users reported receiving password reset emails they had not requested. The sudden spike led to speculation that attackers had gained access to Instagram’s internal systems and were attempting to take over accounts at scale.
Adding to the speculation were reports from cybersecurity researchers claiming that a dataset containing information tied to 17.5 million Instagram accounts was being offered for sale on underground forums. The data was said to include usernames, email addresses, phone numbers and, in some cases, physical location details.
In a statement reported today by Bleeping Computer, Instagram said there was no evidence that its systems were breached or that attackers gained unauthorized access to user data. Instead, Instagram says that the surge in password reset emails was the result of an external party abusing a bug that allowed password reset messages to be triggered in large numbers without compromising account credentials or backend infrastructure.
“We fixed an issue that allowed an external party to request password reset emails for some Instagram users,” a Meta spokesperson said. “We want to reassure everyone there was no breach of our systems and people’s Instagram accounts remain secure. People can disregard these emails and we apologize for any confusion this may have caused.”
Though there may be an Instagram-related dataset on a hacking site, it does not necessarily indicate that there was a new breach, but instead it could involve past scraping incidents and older data collections. Such datasets have appeared in the past and have been branded as “new leaks,” particularly when unrelated platform issues draw public attention.
Instagram is investigating the origin of the dataset.
Even with data seemingly not stolen, users of Instagram, as with all online accounts, should always be cautious and avoid clicking links in unsolicited emails, manually navigate to Instagram to change passwords if concerned, and use two-factor authentication to reduce the risk of account takeover.
Image: SiliconANGLE/Ideogram
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
