Instagram Denies Data Breach After Mass Password Reset Emails Spark User Confusion

Instagram denies breach after password reset emails; Malwarebytes claims 17.5M accounts compromised. Change passwords now.

By Content Team

Jan 13, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Instagram users worldwide received unexpected password reset emails this week, sparking fears of a security breach. The company denied any system compromise, claiming it fixed an issue that allowed "an external party" to trigger legitimate password reset requests.

However, cybersecurity firm Malwarebytes contradicted Instagram's statement, alleging hackers stole data from 17.5 million accounts including usernames, addresses, and phone numbers. The firm linked the emails to an ongoing sale of Instagram user data on hacker forums, though some researchers believe it's old publicly available information from 2022.

Instagram hasn't explained who the "external party" was or how they gained this capability. Users should change passwords directly through Instagram's official app or website.

Source: BBC News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Washington Post Confirms Oracle Hack Exposed 10,000 Employee Records

Nov 15, 2025

Chinese Hackers Exploit Critical Zero-Day in Cisco Security Equipment

Dec 20, 2025

Apple Patches Two Zero-Day Flaws Used in Sophisticated Spyware Attacks

Dec 16, 2025

Manufacturing Hit Hard by Ransomware as Security Gaps and Skills Shortages Leave Sector Vulnerable

Dec 9, 2025