Meta today denied claims that 17.5 million user accounts were leaked online after many received emails requesting password resets. In a statement to Bleeping Computer, Instagram representatives said they have closed a vulnerability that allowed hackers to send password reset emails to some users.
The new 17.5 million user data allegedly being sold on the dark web, they said, is old data from 2017 from various sources. Among the information being sold are names, usernames, phone numbers, addresses, and emails. Regarding the alleged data theft in 2022 and 2024 using API leaks, Instagram again denied it.
However, if you receive an email to reset your password that you did not request, please ignore it and delete the email. The best security features are still through the use of long passwords, and 2FA systems such as Passkey to make it more difficult for hackers to steal your account.
