Users who recently received multiple password reset emails from Instagram are not alone. The alerts followed a report from Malwarebytes, which initially claimed that sensitive data linked to 17.5 million Instagram users had been exposed.
Malwarebytes said the leaked data included Instagram usernames, physical addresses, phone numbers, email addresses, and other personal details. The company added that the information was being offered for sale on the dark web and could be misused by cybercriminals.
Possible API Exposure
In its report, Malwarebytes said it identified the data during a routine dark web scan. The company linked the exposure to a possible incident involving an Instagram API from 2024. Malwarebytes warned customers that the leaked information could enable more serious attacks, including phishing attempts and potential account takeovers.
Following the report, many users began receiving repeated emails from Instagram requesting password resets, adding to concerns about account security.
Instagram Denies Data Breach
Instagram rejected claims of a data breach and said its systems were not compromised. In a post on X, the company said users could safely ignore the recent password reset emails.
We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure.
You can ignore those emails — sorry for any confusion.
— Instagram (@instagram) January 11, 2026
While Instagram said the incident was not the result of a data breach, its parent company, Meta, has faced data breach scrutiny in the past. As a precaution, users may still choose to enable two-factor authentication, update their passwords, and review active login sessions through Meta’s Accounts Center.
Stay Connected with ProPakistani
Get the latest tech news, telecom insights, and product launches wherever you prefer.
Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.
