Instagram Users Flooded With Password Reset Emails: What Is The Problem?
पुस २८, २०८२ १७:५०
Kathmandu: If you have recently received a suspicious email asking you to reset your Instagram account password, you are not alone. On January 11, 2026, millions of users worldwide experienced similar security-related confusion.
While Instagram has described the issue as a technical glitch, cybersecurity experts claim that the personal information of millions of users is being sold on the dark web.
Statements from Instagram and Malwarebytes present conflicting narratives. Instagram says no data was stolen and that the issue was caused by an external technical error. However, reports of personal data linked to millions of users appearing on the dark web have raised serious concerns about digital security.
What Is Going On?
Over the past few days, Instagram users have been receiving official emails notifying them of password reset requests they did not initiate. This triggered fear that accounts may have been compromised.
On the night of January 11, 2026, Instagram said the issue had been resolved.
In a social media post, the company stated that a vulnerability had allowed an external party to trigger password reset emails for some users. Instagram said the flaw has now been fixed.
Meta-owned Instagram said, “There has been no breach in our systems, and your accounts are safe.” The company apologized for the confusion and urged users to ignore the emails.
Despite these assurances, Malwarebytes released a contrasting and alarming report. According to the company, cybercriminals have obtained sensitive information belonging to 17.5 million Instagram users.
Malwarebytes said the stolen data is currently being sold on the dark web, posing a risk of misuse.
The leaked data reportedly includes usernames, addresses, phone numbers, and email addresses. Malwarebytes said it discovered the information during routine dark web monitoring.
According to the cybersecurity firm, the data exposure may be linked to Instagram’s API vulnerability reported in 2024. It believes attackers may have reused previously leaked data or exploited an older flaw to trigger the recent wave of password reset emails.
Although Instagram insists user accounts remain secure, security experts warn that the exposed data could be used for phishing attacks or future account takeovers.
What Should Users Do Now?
Users are advised to take precautionary security measures. This includes enabling two-factor authentication on their Instagram accounts.
Users should also change their passwords and ensure they are strong and unique. It is recommended to visit Meta Accounts Center to review active login sessions and remove any unrecognized devices.
पछिल्लो अध्यावधिक: माघ ११, २०८२ १३:१३
