Social media platform Instagram has come out to diffuse concerns by millions of users worldwide, who reported receiving unexpected password reset emails.
In a statement on the morning of Sunday, January 11, the photo-sharing app reassured
Social media platform Instagram has come out to clarify recent concerns by millions of users worldwide who have been receiving unexpected password reset emails.
The platform reassured users that their accounts remain secure, following widespread fears of a potential breach.
“We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure. You can ignore those emails. Sorry for any confusion," a statement from Instagram, shared on X, read.
In other words, the social media platform confirmed that the emails users received were mistakenly triggered by its own systems, not sent by attackers pretending to be the lucrative platform.
The clarification comes amid reports that millions of Instagram users were receiving emails claiming their account passwords needed to be reset.
Userw typically raised alarm, with sections suspecting their accounts were under attack by cybercriminals who were exploiting the platform's user base to gain unauthorised access.
Instagram has since clarified that official password reset emails always come from domains ending in @mail.instagram.com, which can help distinguish real messages from scams.
The spike in password reset emails was likely connected to a recent leak of sensitive data from more than 17 million Instagram accounts, which were reportedly posted by a hacker who identifies himself as "Solonnik".
Back in 2024, there was an API leak after a hacker bypassed standard security measures to scrape user information. The dataset was later published for free on a cybercrime forum, raising alarm among cybersecurity professionals.
Despite the huge leak, Instagram's parent company Meta never officially confirmed the breach, sparking more uncertainty.
According to experts, however, even if some account information of millions of users was exposed, it would not be enough for attackers to gain control without additional personal details.
Instagram users have, however, been urged to ignore unsolicited password reset emails. Experts have also urged users to avoid clicking suspicious links and ensure two-factor authentication is enabled.
