Instagram denies breach amid claims of 17 million account data leak

Instagram has denied any breach amid claims that data from over 17 million accounts was scraped and leaked online. According to Bleeping Computer, a spokesperson from Meta stated, “We fixed an issue that allowed an external party to request password reset emails for some Instagram users,” assuring that there was no breach and users’ accounts remain secure.

A media frenzy erupted when Malwarebytes alerted customers that cybercriminals had purportedly stolen this data, which was then offered for free on multiple hacking forums. The shared data is said to include phone numbers, usernames, names, physical addresses, email addresses, and Instagram IDs, although not all records contain complete information.

Some cybersecurity researchers have suggested the scraped data is from a 2022 incident, yet evidence for this is lacking, and Meta claimed no knowledge of incidents in those years. It’s uncertain whether the leaked data includes information from a previous 2017 API scraping incident that affected 6 million accounts.

Importantly, the leaked data does not contain passwords, so users do not need to change them but should remain vigilant against phishing attempts that utilize this information. Users receiving unsolicited password reset emails should ignore and delete them, and it’s advisable to enable two-factor authentication for increased security.

To read the complete article, visit Bleeping Computer.