Instagram has announced that it has fixed an issue that sent a wave of unexplained password reset emails and sparked fears of a massive hacking incident. In a statement issued on Sunday (Janaury 11), the company clarified that while an external party exploited a technical vulnerability, Instagram’s core systems remained secure.“We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure,” the company said in a statement posted on X.“You can ignore those emails — sorry for any confusion,” Instagram added, prompting a reply from Nikita Bier, head of product X (formerly). “I’m glad you shared this on X, because no one would see it on Threads,” he said.
Why Instagram users received password reset emails
The clarification follows an alarm triggered by a report from antivirus firm Malwarebytes which claimed that it has discovered a database for sale on the dark web containing the “sensitive information” of 17.5 million Instagram users. The data included usernames, physical addresses, phone numbers and email addresses.Malwarebytes suggested the leak was related to a potential 2024 incident involving an Instagram API exposure. It also warned that the surge in password reset requests may also result in further phishing attacks or account takeovers.
How to secure your Instagram account
Here are a few ways users can secure their Instagram accounts:
- Enable two-factor authentication (2FA) which provides a secondary layer of security even if a password is compromised.
- Review logged-in devices regularly. This will help you keep an eye whether your account is bring used by unauthorised party.
- Do not click on suspicious links within the reset emails if you have not personally requested them.
About the Author
