Meta denies Instagram data breach affecting 17M accounts
What's the story
Meta has refuted claims of a major data breach involving nearly 17 million Instagram accounts. The denial comes after a wave of user complaints about unsolicited password reset emails, raising fears of a potential leak. Cybersecurity firm Malwarebytes had earlier reported that data related to some 17.5 million Instagram users was being sold on the dark web.
Dark web allegations
Malwarebytes's report and user reactions
Malwarebytes claimed the leaked data included usernames, email addresses, phone numbers, and in some cases even physical addresses. The report sparked fears of a major breach at Instagram, with users rushing to change their passwords and take to social media platforms like X. However, Meta has now denied these claims.
Official statement
Meta's clarification on the issue
In response to the allegations, a Meta spokesperson issued a statement denying any breach. The company admitted to fixing an issue that enabled an external party to trigger password reset emails for some users. However, they stressed that this did not involve unauthorized access to their systems or user accounts. "We fixed an issue that allowed an external party to request password reset emails for some Instagram users," said the spokesperson.
User reassurance
Response to affected users
Meta has also assured users who received these emails that they can safely ignore them. The company has apologized for any confusion caused by this incident. Despite Malwarebytes's claims, Meta has not confirmed any exposure of user data from its systems. As of now, there is no independent verification that the alleged dataset came from Instagram's internal systems.
Expert advice
Cybersecurity experts advise caution amid data breach claims
Even though Meta insists there is no breach, cybersecurity experts generally recommend users to be cautious. They suggest enabling two-factor authentication, avoiding clicking on links in unsolicited emails, and regularly reviewing account security settings. Changing passwords as a precautionary measure is also advised, especially if similar emails were received. These incidents are common across major platforms and are often linked to automated abuse rather than direct breaches.