Instagram Data Leak Claims Spark Confusion as Meta Denies Breach

Reports of a potential large-scale Instagram data leak have sparked widespread concern, as cybersecurity researchers and Meta offer sharply different accounts of what occurred. While a security firm claims millions of user records are being sold online, Meta insists its systems were not breached. The conflicting narratives have left many users uncertain about the safety of their accounts.

Cybersecurity company Malwarebytes reported that data linked to approximately 17.5 million Instagram users has appeared for sale on underground websites. The firm said the exposed information includes usernames, email addresses, phone numbers, home addresses, and other personal details. According to Malwarebytes, the data was identified during routine dark web monitoring and may be connected to an API exposure that occurred in 2024.

Discover our newsletter This link uses an affiliate program.

Shortly after the report surfaced, many Instagram users said they began receiving repeated password-reset emails they had not requested. The sudden influx of messages raised fears that accounts were being targeted. Social media platforms quickly filled with posts from users expressing concern about possible unauthorized access and misuse of their personal information.

Meta, the parent company of Instagram, rejected claims of a data breach. The company said a technical issue temporarily allowed an external party to trigger password reset emails for some users. Meta stated that the issue has since been resolved and emphasized that its systems were not compromised. In a public statement, the company reassured users that their accounts remain secure and advised them to ignore the emails.