ISLAMABAD: A reported data leak has triggered renewed concerns about Instagram account security after cybersecurity firm Malwarebytes said personal information linked to 17.5 million users may be circulating on the dark web. The firm reported that it identified the dataset during routine monitoring and believes the exposed material includes usernames, email addresses, phone numbers, and physical addresses.
Malwarebytes warned that criminals could exploit the information through social engineering and by abusing Instagramโs password reset system. The claims emerged after many users reported receiving unexpected password reset emails over recent weeks. Consequently, fears of a large-scale breach spread quickly across social media platforms and online forums.
Meta, which owns Instagram, has denied that attackers compromised its systems. In an official statement, the company said an external entity triggered password reset requests without gaining unauthorised access to user accounts. Meta insisted that its infrastructure remains secure and that the activity does not constitute a data breach. Nevertheless, the company acknowledged user concerns and said it continues to monitor suspicious behaviour.
Users report unusual activity despite Meta denial
Despite Metaโs assurances, numerous users have shared their experiences online. Some said they received repeated password reset notifications, while others reported alerts about attempted logins from unfamiliar locations. As a result, many users proactively changed their passwords and reviewed their account settings.
Cybersecurity analysts note that even without a confirmed breach, the circulation of large datasets online can still pose real risks. They warn that exposed details can enable phishing attacks, account takeovers and identity fraud when combined with other leaked information from past incidents.
Experts urge stronger security practices
Malwarebytes reported that sellers are allegedly offering the data for sale on underground marketplaces, which raises the risk of widespread misuse. The incident has also revived scrutiny of Metaโs past data security challenges. In 2021, Facebook confirmed that data from more than 530 million users had been exposed through scraping of public profiles, although the company said hackers did not breach its systems.
Cybersecurity experts continue to advise users to enable two-factor authentication, use strong and unique passwords, review authorised third-party apps and secure their linked email accounts. Moreover, they encourage users to remain vigilant for suspicious messages and login alerts.
