Instagram said that although a part of users received emails requesting password reset that seemed suspicious, the company's system was not compromised.
This information seems to contradict a recent post by Malwarebytes (a cybersecurity company specializing in developing anti-malware software). The post shared an email photo from Instagram announcing a request to reset the password, and declared that "cybercriminals have stolen sensitive data of 17.5 million Instagram accounts, including usernames, real addresses, phone numbers, emails and many other information".
According to Malwarebytes, this data "is being offered for sale on the dark web and may be exploited by cybercriminals".
However, Instagram later posted a notification on X (instead of Instagram or Threads), stating that they had "remedied an incident allowing an outsider to send an email request to reset the password to some users".
Instagram did not specify who it was outside as well as the technical details of the incident, but emphasized that users "can skip these emails" and apologize for the confusion caused.
