Did Instagram Have Nothing To Do With The Breach Of 17 Million Accounts?

Malwarebytes, an antivirus software firm, alleged on January 9 that personal data from over 17.5 million Instagram accounts was exposed to cybercriminals. The alleged leak includes usernames, physical addresses, phone numbers, email addresses and more.

According to Malwarebytes, the alleged leak stems from an Instagram API exposure in 2024. The security firm warned that "the data is available for sale on the dark web and can be abused by cybercriminals."

Instagram responded on January 11, denying any breach of its systems. The company tweeted: "We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure."

Instagram told users they could safely ignore any suspicious password reset emails and apologized for the confusion.

Meanwhile, Malwarebytes, recommend users to take precautions and advised users to review logged-in devices through Meta's Accounts Center to spot any unauthorized access and enable two-factor authentication on your Instagram account.