Millions of Instagram users worldwide have been jolted by unexpected password reset emails, seemingly sent from Instagram’s official security address, sparking widespread concern over a potential data breach and the security of personal information.
Cybersecurity experts warn that these alerts could be linked to a massive leak of account data resurfacing on the dark web, putting millions of profiles at risk.
Cybersecurity firm Malwarebytes has linked the surge in reset emails to a previously exposed dataset involving approximately 17.5 million Instagram accounts.
The data was initially scraped through an API vulnerability in late 2024 and has reportedly resurfaced on dark web forums in recent days.
According to analysts, the leaked information includes usernames, email addresses, phone numbers, and partial physical addresses details that could be exploited for phishing attempts, impersonation, or credential-harvesting attacks.
Several cybersecurity monitoring platforms noted that the reset emails closely matched Instagram’s standard formatting and appeared to originate from verified domains such as @mail.instagram.com.
However, the unusual volume and timing of the messages suggest they are connected to the resurfaced breach rather than individual user requests.
Social media users and tech websites have reported that, despite the emails appearing authentic, many recipients found no corresponding password reset request in their account activity or security logs.
The emails instruct users that a password reset request has been made and provide two options: proceed with the reset or report it as unauthorized. The message reassures users that their password will remain unchanged if no action is taken.
Malwarebytes maintains that the spike in these emails is likely tied to the resurfaced breach, which allegedly allowed hackers to scrape profile data from millions of accounts.
Meanwhile, Instagram has stated that receiving a password reset email alone does not necessarily indicate a security breach and advises users to remain vigilant.
