Instagram users alarmed as password reset emails flood in worldwide
Technology
Cybersecurity firm Malwarebytes has linked the surge in reset emails to a previously exposed dataset involving approximately 17.5 million Instagram accounts.
(Web Desk) - Millions of Instagram users globally have reported receiving unexpected password reset emails that appear to be sent from Instagram’s official security email address, raising fears of a potential data breach and misuse of personal information.
Cybersecurity firm Malwarebytes has linked the surge in reset emails to a previously exposed dataset involving approximately 17.5 million Instagram accounts. The data was initially scraped through an API vulnerability in late 2024 and has reportedly resurfaced on dark web forums in recent days.
According to security analysts, the leaked information includes usernames, email addresses, phone numbers, and partial physical addresses—details that could be exploited for phishing attempts, impersonation, or credential-harvesting attacks.
Several cybersecurity monitoring platforms noted that the reset emails closely matched Instagram’s standard formatting and appeared to originate from verified domains such as @mail.instagram.com. However, the unusual volume and timing of the messages suggest they are connected to the re-emergence of the leaked data rather than individual user requests.
Social media users and tech websites have reported that, despite the emails appearing authentic and having legitimate headers, many recipients found no corresponding password reset request in their account activity or security logs.
The emails inform users that a request has been made to reset their Instagram password and provide two options: proceed with the reset or report the request as unauthorized. The message reassures users that their password will remain unchanged if no action is taken.
Malwarebytes maintains that the spike in these emails is likely tied to the resurfaced breach, which allegedly allowed hackers to scrape profile data from millions of accounts. Meanwhile, Instagram has stated that receiving a password reset email alone does not necessarily indicate a security breach and advises users to remain cautious.
