Instagram Denies Data Breach After 17M Account Leak Claims
▼ Summary
– Instagram fixed a bug that allowed external parties to mass-request password reset emails, but Meta states there was no system breach.
– A dataset containing profile information from over 17 million Instagram accounts was leaked online, though the data is incomplete for many records.
– The origin of the leaked data is unclear, with claims linking it to past API scraping incidents, but Meta denies knowledge of any recent API compromises.
– The leaked information does not include passwords, but users should be vigilant against targeted phishing and social engineering attacks.
– Users are advised to ignore unsolicited password reset requests and to enable two-factor authentication for increased account security.
Instagram has addressed a software flaw that permitted unauthorized parties to request password reset emails for user accounts. This clarification comes amid widespread reports of a massive data leak involving information from over 17 million profiles. The company firmly denies any breach of its internal systems, stating user accounts remain secure. The social media platform insists there was no data breach, attributing the incident to a now-resolved bug.
A Meta spokesperson explained the situation, noting the issue has been corrected. They emphasized that people can disregard any unexpected password reset emails and apologized for any confusion. The statement aimed to reassure users following alerts from cybersecurity firms about a dataset containing millions of account details circulating online.
Reports indicate that information allegedly belonging to more than 17 million Instagram accounts was posted freely on various hacking forums. The shared data reportedly includes details like phone numbers, email addresses, usernames, and physical locations. The leaked dataset is said to contain information from over 17 million accounts, though not every record is complete; some list only a username and an account ID.
Cybersecurity experts discussing the leak on social media have suggested the data might originate from an older API scraping incident, possibly from 2022. However, concrete evidence to confirm this source has not been publicly provided. Meta has stated it is not aware of any such API compromises occurring in either 2022 or 2024.
This is not the first time Instagram has dealt with data scraping issues. A similar problem in 2017 led to the information of millions of users being collected and sold. It remains unclear if the newly surfaced data is a combination of that older leak with more recently gathered information.
The individual responsible for posting the data online did not respond to requests for comment regarding its origin. Without confirmation from the poster or evidence of a new vulnerability, the incident is not currently classified as a fresh data breach. The available information suggests it may be an aggregation of data scraped from various sources over multiple years.
A positive aspect for users is that the leaked information does not include account passwords. Therefore, changing your Instagram password is not necessary as a direct result of this leak. The leaked data does not contain passwords, so changing them is not required.
Nevertheless, the exposure of personal details like emails and phone numbers presents a real risk. Users should be cautious of targeted phishing attempts, fraudulent text messages, and social engineering attacks that leverage this information. Cybercriminals often use such data to craft convincing scams aimed at stealing login credentials or other sensitive data.
If you receive an unexpected password reset email or a text message with a verification code from Instagram, the safest action is to ignore and delete it if you did not request it. Enabling two-factor authentication is strongly recommended to significantly enhance account security. This extra layer of protection can help prevent unauthorized access even if your contact information is exposed.
(Source: Bleeping Computer)
