Millions of Instagram users are receiving unexpected emails prompting them to reset their passwords due to a potential leak of their account information. Instagram has responded by reassuring users that the data of over 17 million users has not been compromised and that there has been no breach.
Users are being advised to exercise caution when receiving such emails and to refrain from clicking or responding to them. Security experts recommend avoiding clicking on any Reset Password buttons in suspicious emails, emphasizing that attackers would still require additional information to gain unauthorized access to accounts.
Davey Winder, a cybersecurity writer for Forbes, shared his experience of receiving a seemingly legitimate email from Instagram requesting a password reset. The email contained a noticeable Reset Password button and a message indicating that the password would only be changed if action was taken.
Reports suggest that sensitive information from more than 17 million Instagram records was leaked by a threat actor known as “Solonnik.” This data breach was reportedly a result of an API leak in 2024, where the hacker circumvented standard security measures to obtain the information. The stolen dataset was allegedly made available for free on the cybercrime platform BreachForums.
Instagram has addressed the issue by stating that they have resolved the vulnerability that allowed external parties to request password reset emails for some users. They affirmed that their systems were not breached, and user accounts remain secure. Instagram advised users to disregard any suspicious emails and apologized for any confusion.