Instagram hacked? 17.5 million users received fake password reset emails
12.01.26
Instagram is likely at the center of a major data breach that could have affected up to 17.5 million users, according to cybersecurity company Malwarebytes, which uncovered the massive data breach while monitoring the dark web.
According to Malwarebytes, the leaked databases contain user names, email addresses, phone numbers, and in some cases, physical addresses. This data is already up for sale on shady sites, which increases the risk of phishing emails, social engineering, and attempts to gain unauthorized access to accounts.
Experts link the possible source of the leak to a vulnerability in the Instagram API, which was discovered in 2024. It is believed that this was the way attackers could have accessed users’ confidential information. There is no direct confirmation of this scenario yet, but the similarity in the type of data suggests that this is the attack vector.
Amidst the reports of the leak, some users have begun receiving massive messages requesting to reset their Instagram passwords. This may indicate that the compromised data is already being used to attempt to hack or hijack accounts.
Meta, which owns Instagram, has not made any official statements about the possible leak at the time of publication. Information security specialists recommend that users change their passwords, activate two-factor authentication, and check the list of devices that have access to their account through the Meta Account Center to reduce potential risks.
Official Instagram comment
Instagram announced that it had fixed a technical glitch that caused a significant number of users to receive emails asking them to reset their account passwords.
The company explained that the sending of such messages was provoked by the activity of “third parties”, emphasizing that no compromise of the platform’s internal systems was recorded. In an official statement published on the social network X, Instagram assured that user accounts remain safe, and password reset letters received without the initiative of the account owners can be disregarded.
Parent company Meta has not yet disclosed additional details about the causes of the incident or specified how third-party actions led to the mass sending of such messages.
Don't miss interesting news
Subscribe to our channels and read announcements of high-tech news, tes
Oppo A6 Pro smartphone review: ambitious
0 
Creating new mid-range smartphones is no easy task. Manufacturers have to balance performance, camera capabilities, displays, and the overall cost impact of each component. How the new Oppo A6 Pro balances these factors is discussed in our review.
Top news of 2025 on hi-tech.ua
0 
Our editorial team traditionally sums up the results every year. We recently showcased the editors’ top devices. Now it’s time to share the top news stories from hi-tech.ua in 2025.
Instagram hacked? 17.5 million users received fake password reset emails hacker Instagram
Instagram is likely at the center of a major data breach that could have affected around 17.5 million users
Alphabet overtook Apple in market capitalization for the first time in 7 years Apple business Google
Alphabet, Google’s parent company, briefly overtook Apple in market capitalization