Instagram has dismissed claims of a major security breach after several users reported receiving unexpected password reset emails. The company said the alerts, which appeared suspicious to some account holders, were not the result of hackers gaining access to its systems, stressing that user data remains secure.

The clarification follows a post shared on Friday by cybersecurity firm Malwarebytes on Bluesky, which included a screenshot of an email purportedly sent by Instagram requesting a password reset. Malwarebytes alleged that cybercriminals had obtained sensitive information from about 17.5 million Instagram accounts, including usernames, phone numbers, email addresses and even physical locations.

According to the cybersecurity firm, the alleged data had been listed for sale on the dark web and could potentially be exploited for fraud, identity theft and other cyber-related crimes. The claims quickly sparked concern among users, prompting questions about the safety of personal information on the platform.

In response, Instagram released a statement on X, explaining that it had identified and resolved a technical issue that allowed an external party to trigger password reset emails for some users. While the company did not disclose details about the source of the activity or the nature of the flaw, it reassured users that no breach had occurred and advised them to disregard the emails, apologising for the confusion caused.

Source: Techcrunch