Millions of Instagram users are receiving unexpected password reset emails following a reported leak of account details. Instagram has reassured users that data from over 17 million accounts has not been compromised, emphasizing that there has been no breach. Users are advised to exercise caution before interacting with such emails.
Security experts recommend avoiding clicking on suspicious password reset links in emails, noting that attackers would require additional information to gain unauthorized access. Davey Winder, a cybersecurity writer for Forbes, disclosed receiving a seemingly legitimate email from Instagram requesting a password reset.
Reports indicate that sensitive information from 17 million Instagram records was leaked by a threat actor named “Solonnik.” This data breach occurred during an API leak in 2024, where security measures were bypassed to extract the information. The leaked dataset was reportedly made available for free on the cybercrime platform BreachForums.
Instagram addressed the issue, stating, “We fixed an external party’s ability to request password reset emails for some users. No breach occurred, and Instagram accounts remain secure. Users can safely ignore these emails and we apologize for any confusion.”