Instagram disputes Malwarebytes’ claim of massive data theft

Emre Çıtak · January 12, 2026, 13:30 ·1 min read

Instagram stated there has been no security breach, despite some users receiving suspicious-looking password reset requests.

A Friday post on Bluesky by antivirus firm Malwarebytes shared a screenshot of an Instagram email notifying users of a password reset request. The post claimed, “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.” Malwarebytes added that this data “is available for sale on the dark web and can be abused by cybercriminals.”

Instagram later posted on X that it had “fixed an issue that let an external party request password reset emails for some people.” The company did not disclose details about the external party or the specific technical issue. It concluded, “You can ignore those emails — sorry for any confusion.”

Written by

Emre Çıtak

Emre’s love for animals made him a veterinarian, and his passion for technology made him an editor. Making new discoveries in the field of editorial and journalism, Emre enjoys conveying information to a wide audience, which has always been a dream for him.

View all posts →