Instagram has moved to calm its users by refuting claims that the data of over 17 million users was compromised. Reports surfaced on January 10 that account information had been exposed, leading to many users receiving unexpected password reset emails.
Previously, cybersecurity company Malwarebytes stated that leaked data contained usernames, physical addresses, phone numbers, and email addresses from 17.5 million Instagram accounts. The firm cautioned that this information was being sold on the dark web for potential misuse by cybercriminals.
In contrast, Instagram itself denied any breach had occurred. The platform addressed the issue by explaining that an external party had exploited a loophole to request password reset emails for some users. Instagram assured its users that their accounts were secure and advised them to disregard the reset emails.
Despite Instagram’s reassurance, users remained skeptical about the security of their accounts. Some questioned how an external entity could trigger password resets without a breach being involved, expressing concerns about the safety of their personal information.
Instagram suggested several measures to enhance account security, emphasizing the importance of enabling two-factor authentication. Additionally, users were encouraged to update their email and phone numbers associated with their accounts to facilitate account recovery in case of unauthorized changes.
At Reach and its affiliated entities, user data is collected to enhance site experiences and provide personalized advertising through cookies and identifiers. Users can opt out of data sharing by clicking on the “Do Not Sell or Share my Data” button on the website. Acceptance of these practices is implicit in the use of the website and its services.