BREACHWATCHER

Proactive Cybersecurity Monitoring

Menu

Unexpected Instagram Password Reset Emails and Resurfaced User Data

Threat actors recently exploited a now-fixed bug in Instagram that allowed them to mass-request password resets for targeted accounts. As a result, many Instagram users—including potentially some of you—have received one or more unexpected but legitimate password reset emails from Instagram (example shown below).

Separately, a dataset containing information from approximately 17 million Instagram accounts was recently posted on an underground forum. The dataset includes only publicly available profile details such as usernames, display names, and profile IDs. No passwords or other highly sensitive information were included. Meta has confirmed that this is not the result of a new breach of their systems; the data is a repackaged compilation of older, previously scraped public information. If your email address was found in the leaked dataset, BreachWatcher would notify you.

WHAT SHOULD YOU DO?

  • Ignore the email if you have a not requested the password reset.
  • Do not click on any suspicious links or URLs.
  • Use a strong and unique password for your Instagram account.
  • Ensure that you have enabled two-factor authentication (2FA) for your Instagram account.
  • Be extra cautious for any messages claiming to be from Instagram or Meta asking for credentials, codes, or urgent action.
Banner with text: 'Stay vigilant, stay safe, subscribe today' promoting cybersecurity awareness.
BreachWatcher Logo: Knight in armor holding shield and spear saying "we watch for you"
Menu

Contact Us

BreachWatcher Logo: Knight in armor holding shield and spear saying "we watch for you"

Contact Us

  • Pretoria, South Africa

  • Relevant Email Address

  • Relevant Number