Millions of Instagram users are receiving unexpected password reset emails following a reported leak of their account details. Instagram has reassured users by denying that over 17 million user data had been compromised, emphasizing that there was no breach.
Users are advised to exercise caution before interacting with such emails, as experts suggest refraining from clicking on suspicious links. Despite the email warnings, attackers would require additional information to gain unauthorized access to accounts.
Cybersecurity writer Davey Winder shared his experience of receiving a seemingly legitimate email from Instagram, requesting a password reset. The email contained a prominent Reset Password button and a message instructing users to notify the company if the reset request was not initiated by them.
Reports indicate that sensitive information from more than 17 million Instagram records was leaked online by a threat actor known as “Solonnik.” The data breach reportedly originated from an API leak in 2024, where security measures were bypassed to extract the data.
Instagram addressed the issue, stating that an external party was able to request password reset emails for some users, but there was no breach of their systems. They assured users that their accounts were secure and advised disregarding the suspicious emails.
Please note that we and our partners use cookies and other identifiers to enhance your site experience, analyze usage patterns, and provide personalized advertising. You can manage your data preferences by clicking the appropriate option on our webpage. By using our services, you consent to our use of cookies as described in our Privacy Notice and Terms and Conditions.
