• A recent report circulating on social media and some cybersecurity newsletters states that **hackers stole sensitive information from about 17.5 million Instagram accounts.
• This data allegedly includes usernames, physical addresses, phone numbers, email addresses, and more, and is being offered for sale on the dark web.

Why Many Users Are Seeing Password Reset Emails

• Many Instagram users globally have reported receiving legitimate “reset your password” emails that they never requested.
• Some cybersecurity discussions online connect this surge in reset emails to the possible data compromise, suggesting attackers may be testing or abusing access.

Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more. pic.twitter.com/LXvjjQ5VXL

— Malwarebytes (@Malwarebytes) January 9, 2026

Confirmed through multiple user reports: unusual password reset email activity.
Reported but not officially confirmed by Meta/Instagram yet: the exact scale of the leak and how the data was accessed.

Why This Matters

If the leak is real and includes the data claimed:

• Identity theft risks increase — contact info can be used in targeted scams.
• Account compromise attempts could rise if attackers use exposed emails/phones for phishing or brute-force tactics.

What You Should Do (Now)

Regardless of the breach’s exact details:

1. Change your Instagram password via the app itself (not through email links).
2. Enable Two-Factor Authentication (2FA) on your Instagram account.
3. Avoid clicking unexpected reset links — manually navigate to the app to verify security notices.
4. Check linked email/text accounts for unusual activity (spam, phishing).

Meta/Instagram Status

• As of now, Meta (Instagram’s parent company) has not issued a public statement confirming or denying the breach.