New Delhi: Instagram happens to be one of the most used social media apps in the world, with 2 billion active monthly users, and that makes it the biggest target of hackers. Over the past weekend, there have been reports of data linked to about 17 million Instagram accounts being exposed in a breach, which Meta have denied.
The clarification comes after a hike in user complaints about unexpected password reset emails, which obviously had a heavy concerns among users of a large-scale data leak. Over the past week, there have been unsolicited password alerts. These suspicious activities coincided with a report from the cybersecurity organisation Malwarebytes, which claimed that a database containing details for approximately 17.5 million accounts was being auctioned on the dark web.
The compromised data allegedly consisted of usernames, emails, contacts, and phone numbers, with some records allegedly having home addresses as well.
This sparked immediate fears of a massive data compromise at Instagram. Anxious users took to platforms like X to document the recent developments and urged others to update their login credentials. Even though a formal breach has not been confirmed, the scale of the alleged leak has left many on high alert.
What has Meta said?
A Meta spokesperson gave a statement to Hindustan Times and refuted the claims about the data breach. The company said it had identified and fixed an issue that allowed an external party to trigger password reset emails for some Instagram users. Meta stressed that this activity did not involve any kind of unauthorised access to their systems or user accounts.
The Meta spokesperson noted that the issue had been fixed and that “Instagram accounts” were still secured, and users who have received such emails can ignore them.
Even though Malwarebytes cautions that the leaked information could be exploited for fraudulent activities like phishing, Meta has countered these claims by stating that its internal systems remain uncompromised and no sensitive data was leaked. There has been no third-party confirmation that the data being sold actually originated from Instagram’s own servers.
Precautions Instagram users can take
In spite of Meta’s reassurance, cybersecurity experts emphasise general advice to users, which includes users to activate two-factor authentication, ignoring links in unexpected emails, and auditing privacy settings. To be on the safer side, users can update their login credentials, particularly for those who have recently received suspicious reset notifications.
This situation reflects a broader trend wherein automated systems are often used to trigger mass reset requests. This has been an issue that does not always signify a deep-rooted system hack. Meta’s response is intended to stabilise user confidence during a period of increased concern over digital privacy. For now, the company asserts that the platform is secure and the underlying problem has been addressed.