Skip to main content
Manchester Evening News: Number one for news, opinion, sport & celebrity news
Manchester Evening News

Instagram 'security breach' addressed by firm as millions 'sent password reset emails'

Instagram has denied claims that more than 17 million users had their data stolen, after millions unexpectedly received password reset emails following reports of a major security breach

Comments
Alan Johnson Social News Reporter
14:31, 11 Jan 2026

Instagram has denied claims that the data of over 17 million users has been compromised. It follows reports yesterday that account details had been leaked online, with millions of users receiving unexpected password reset emails.

Previously, cybersecurity firm Malwarebytes claimed: "Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more. This data is available for sale on the dark web and can be abused by cybercriminals." However, Instagram, which is owned by Meta, has since refuted these claims, taking to fellow social media platform X to issue a statement.

Content cannot be displayed without consent

"We fixed an issue that let an external party request password reset emails for some people," it said on Sunday (January 11).

"There was no breach of our systems and your Instagram accounts are secure. You can ignore those emails - sorry for any confusion."

Despite this reassurance, many users remain sceptical, questioning how an external party was able to trigger password resets in the first place.

"No breach but an external party can trigger a password reset?" one user queried. "Sounds like a breach."

Another person exclaimed: "If an external party can trigger a password reset on my account, that IS a breach. I had to spend time investigating the issue for myself, changing my password, setting up 2FA, trying to log out on all devices which u don't make easy. What a waste of time. Get your act together!"

A third alleged: "That's wrong, and you're trying to cover things up. I received emails and I'm very concerned that it was a data breach. Many sources say the same thing and confirm this."

Whilst a fourth individual expressed their similar frustration, stating: "Too late, deleted my account this morning! You can't get a third party company to send a password reset email. That looks like our accounts have been hacked!".

Instagram has provided several suggestions to keep your account "safe and secure", meanwhile.

"We strongly recommend enabling two-factor authentication," it advises online. "If you're using WhatsApp, in the coming weeks you will be able to protect your account using your WhatsApp number in certain countries.

"Alternatively, you can enable two-factor using your phone number, or an authenticator app like Duo Mobile or Google Authentication."

The platform further suggests: "Make sure that the email and phone numbers associated with your device are up to date.

"That way if something happens to your account, we can reach you. These steps let you recover your account even if your info has been changed by a hacker."

reach logo

At Reach and across our entities we and our partners use information collected through cookies and other identifiers from your device to improve experience on our site, analyse how it is used and to show personalised advertising. You can opt out of the sale or sharing of your data, at any time clicking the "Do Not Sell or Share my Data" button at the bottom of the webpage. Please note that your preferences are browser specific. Use of our website and any of our services represents your acceptance of the use of cookies and consent to the practices described in our Privacy Notice and Terms and Conditions.