In Brief
Posted:
Instagram says that although some users received suspicious-looking password reset requests, it has not been breached.
That seemingly contradicts a Friday Bluesky post from antivirus software company Malwarebytes, which shared a screenshot of an email from Instagram informing users of a request to reset their password. The post claimed, “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.”
This data, Malwarebytes added, “is available for sale on the dark web and can be abused by cybercriminals.”
However, Instagram subsequently posted (on X, rather than Instagram or Threads) that it had “fixed an issue that let an external party request password reset emails for some people.”
The company did not offer any details about the external party or the specific issue, but its post concluded, “You can ignore those emails — sorry for any confusion.”
Newsletters
Subscribe for the industry’s biggest tech news
Related
Latest in Security
Source: Techcrunch
