January 12, 2026 – Recently, news emerged that data from over 17.5 million Instagram accounts under Meta had been leaked, sparking widespread concern across the industry.
In response, a Meta spokesperson told BleepingComputer that the reports were false. “We’ve fixed an issue that had allowed external parties to initiate password reset email requests for some Instagram users,” the spokesperson stated.
They also emphasized that Instagram’s systems had not been breached and that user accounts remained secure. “Users can disregard these emails, and we sincerely apologize for any inconvenience caused.”
The controversy surrounding the alleged Instagram data leak began when cybersecurity firm Malwarebytes issued a warning to its clients, claiming that hackers had stolen data from as many as 17.5 million Instagram accounts. Subsequently, the purported Instagram data was posted for free on multiple hacker forums, with the poster alleging it came from an unconfirmed 2024 Instagram API leak.
The Meta spokesperson advised users to simply ignore and delete any Instagram password reset emails or verification code SMS messages they receive. Additionally, they strongly recommended that users enable two-factor authentication (2FA) on their accounts if they haven’t already done so to enhance security.
