Got Instagram Password Reset Email Without Asking? Is Your Account At Risk? Here's What Meta Said

Many Instagram users in India and across the world were left confused after they received password reset emails without making any request. The sudden emails triggered panic online, with several users asking

whether Instagram had been hacked or if a fresh data breach had taken place.The concern grew after cybersecurity firm Malwarebytes claimed that personal data linked to nearly 17.5 million Instagram accounts was being sold on the dark web. As per the claim, the leaked information includes usernames, email addresses, phone numbers and physical addresses. Screenshots of the alleged data leak quickly went viral on social media platforms.The issue gained more attention when Troy Hunt, the founder of breach-checking platform Have I Been Pwned, said he also received an Instagram password reset email recently. His post further fuelled speculation about a possible security lapse at Instagram.However, cybersecurity experts have clarified that there is no evidence of a new Instagram data breach. According to multiple researchers, the data now circulating online is not fresh and appears to be old information from earlier incidents. Experts say the dataset is linked to an API-related issue from 2022 and was later shared publicly in 2023. Some reports even suggest parts of the data may be several years old.Responding to the reports, Meta, which owns Instagram, denied any recent breach of its systems."We fixed an issue that allowed an external party to request password reset emails for some Instagram users. We want to reassure everyone there was no breach of our systems and people’s Instagram accounts remain secure. People can disregard these emails and we apologize for any confusion this may have caused," the Meta spokesperson was quoted as saying to HT.com.Despite Meta’s clarification, experts warn users to stay alert. Even old leaked data can be misused for phishing, fake Instagram support calls, or SIM swap scams. Attackers may try to trick users into sharing OTPs or login details.Users are advised to enable two-factor authentication, preferably using an authenticator app, avoid clicking on suspicious links, and never share verification codes with anyone.