Instagram states that it has not experienced a data breach, despite some users receiving suspicious-looking password reset requests. This appears to contradict a recent claim from the antivirus software company Malwarebytes. Malwarebytes posted a screenshot of an email from Instagram about a password reset request and asserted that cybercriminals had stolen sensitive information from 17.5 million accounts. The data allegedly included usernames, physical addresses, phone numbers, and email addresses.
According to Malwarebytes, this stolen information is now available for sale on the dark web and could be abused by criminals. In response, Instagram posted an update stating it had fixed an issue that allowed an external party to request password reset emails for some accounts. The company did not provide details about the external party or the specific issue. Instagram’s message concluded by advising users they could ignore those emails and apologized for any confusion.