/stackumbrella/media/agency_attachments/2026/02/03/2026-02-03t122236880z-logo_5ec00731b6678-2026-02-03-17-52-36.png){kind=logo}
Follow Us
/stackumbrella/media/media_files/wp-content/uploads/2026/01/instagram-data-leak-exposes-sensitive-info-of-17-5m-accounts-v0-iDoEXt37UBviQC14Pd4A8s62vmhJTrV3acPAXbxys8g.jpg)
A significant data breach may be the cause of the surprise password reset request emails that a number of Instagramusers reported getting last week.
Cybersecurity company Malwarebytes announced a huge data theft from the Meta-owned social mediasite on Saturday night (IST), saying that 17.5 million Instagram users' private information had been hacked.
Numerous Users Receive Password Reset Mail
/stackumbrella/media/media_files/wp-content/uploads/2025/12/insta-1.webp)
Malwarebytes claimed that "cybercriminals stole the sensitive information of 17.5 million Instagramaccounts, including usernames, physical addresses, phone numbers, email addresses, and more." The stolen information was then sold on the dark web and could be "abused by cybercriminals."
Many customers responded to Malwarebytes' posts on social media as soon as the company announced the hack, confirming that they had, in fact, gotten emails with password resets.
The author of the data breach tracker, Have I been Pwned, Troy Hunt, also acknowledged that he had recently received an email requesting a password change for his account.
Might Be Older Leak From Darker Web
However, a number of others, including cybersecurity researchers, noted that Instagram had not been compromised recently and that the data purportedly accessible on the dark web dates back to 2022. This information was made public in late 2024 by an API leak that circumvented standard security measures to scrape user profiles worldwide.
According to International Cyber Digest, a cybersecurity weekly, the allegedly exposed data "appears to be from the Instagram 2024 API breach, in which 489 million records were taken."
What Meta Has Said?
/stackumbrella/media/media_files/wp-content/uploads/2025/12/insta-2.webp)
A representative for the Mark Zuckerberg-owned business told, "We rectified an issue that allowed an external entity to obtain password reset emails for some Instagram users.We want to reassure everyone that there was no system compromise and that users' Instagram accounts are still safe.We apologize for any misunderstanding this may have caused, and people are free to ignore these emails."
The business has not yet made a public statement regarding the data breach report, though.
What are the Potential Risks?
Social media users may still be at risk from the disclosure of sensitive personally identifiable information, regardless of when the data breach occurred.
Many Instagram users have already reported getting emails asking for a password reset.
Additionally, CyberPress stated that although passwords did not seem to be included in the data leak, the combination of users' phone numbers and emails could be enough for "SIM Swapping" attacks and/or sophisticated social engineering attacks, in which con artists pretend to be Instagram support to trick victims into providing login credentials and two-factor authentication codes.
What can you do?
- It is best to put safety first as we wait for more information on what actually happened.
- It is recommended that all Instagram usersimplement multi-factor authentication; using an authenticator app is preferable to SMS-based code alerts.
- Additionally, internet users are strongly warned not to comply with any emails requesting a password reset unless they have specifically asked for one.
- You can use Malwarebytes' digital footprint scanner or Have I Been Pwned to examine your digital footprint and data leak history.
How To Reset an Instagram Password
/stackumbrella/media/media_files/wp-content/uploads/2025/12/insta-4.webp)
To reset your Instagram password, use the "Forgot password?" link on the login screen and enter your email, phone, or username to get a reset link, or if logged in, go to Settings > Accounts Center > Password & Security > Change Password and follow the prompts to enter your current password and set a new one.
If you forgot your password (logged out)
- On the login screen: Tap "Forgot password?" (or "Get help logging in") below the login button.
- Enter details: Type your username, email, or phone number associated with the account and tap "Next" or "Continue".
- Check for link:Instagram will send a password reset link or code via email or text.
- Follow instructions: Open the link/enter the code and follow the steps to create a new password.
If you know your current password (logged in):
- Go to Profile:Tap your profile picture (bottom right).
- Open Menu: Tap the three lines (☰) in the top right.
- Go to Settings:Tap "Settings and privacy", then "Accounts Center" (or just "Accounts Center").
- Find Password & Security: Tap "Password and security".
- Change Password: Tap "Change password", select your account, enter your current password, then your new password twice, and tap "Change password" to finish.
After entering your email address, you can view a list of all the data breaches that have impacted your account and take appropriate action.