NAIROBI, Kenya — Instagram has moved to calm fears of a global cybersecurity breach after millions of users reported receiving unexpected password reset emails, triggering widespread concern that accounts were under attack.
In a statement issued on Sunday, January 11, the photo-sharing platform said the alerts were the result of a technical issue that allowed an external party to trigger password reset requests, but not to access user accounts.
“We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems, and your Instagram accounts are secure. You can ignore those emails. Sorry for any confusion,” Instagram said in a statement shared on X.
The reassurance followed hours of panic across social media, where users from different parts of the world reported receiving emails warning that their passwords had been reset or needed to be changed urgently.
Many feared cybercriminals were attempting to hijack accounts, particularly those linked to business pages, influencers, and verified profiles.
The company said the emails were not sent by hackers impersonating Instagram but were mistakenly triggered by its own systems. To help users distinguish real security alerts from scams, Instagram added that legitimate password reset emails always come from addresses ending in @mail.instagram.com.
The scare came against the backdrop of growing public anxiety over data security on major technology platforms. Reports circulating online claimed the spike in password reset requests may have been linked to a recent leak of sensitive data from more than 17 million Instagram accounts.
The dataset was allegedly released by a hacker who identifies himself as “Solonnik,” raising fears that personal details could be used to target users.
According to those reports, the data exposure was tied to a 2024 application programming interface (API) vulnerability that allowed a hacker to bypass standard security controls and scrape user information.
The data was later published on a cybercrime forum, prompting alarm among cybersecurity analysts.
Instagram has urged users to ignore unsolicited password reset emails and avoid clicking on suspicious links. Users have also been advised to activate two-factor authentication and review recent login activity to reduce the risk of unauthorised access.
The incident underscores the growing power of technology platforms over personal data and online security, and the thin line between automated protection and mass confusion when systems fail.
As millions rely on Instagram for communication, commerce, and public engagement, even a temporary technical error can ripple into a global trust crisis.
