Instagram has moved to calm its users by refuting claims that the data of over 17 million users had been compromised. Reports emerged on January 10 indicating that account information had been leaked online, resulting in many users receiving unexpected password reset emails.
Previously, cybersecurity company Malwarebytes stated that the leaked data contained usernames, physical addresses, phone numbers, and email addresses of 17.5 million Instagram accounts. The firm warned that this sensitive information was being sold on the dark web, posing a risk of exploitation by cybercriminals.
Instagram itself has contradicted these claims. In a statement on Sunday, the platform clarified that there was no breach of their systems and reassured users that their accounts were secure. Instagram acknowledged an issue that allowed a third party to request password reset emails for some users and advised users to disregard such emails.
Despite Instagram’s reassurance, many users remained skeptical, questioning how a third party could trigger password resets. Some users expressed concerns, suggesting that the situation resembled a breach due to the password reset activities.
Instagram has provided guidelines on enhancing account security. The platform strongly recommends enabling two-factor authentication and announced upcoming features to link WhatsApp numbers for added protection in select regions. Users can also opt for two-factor authentication using their phone numbers or authenticator apps like Duo Mobile or Google Authentication. Additionally, maintaining updated email and phone number details on the account is advised to facilitate account recovery in case of unauthorized changes.
Users are advised to review and update their account security settings to safeguard their Instagram profiles effectively.