Instagram says there has not been a security breach, but an outside firm disagrees. Yesterday, Malwarebytes said users were inundated with fake emails telling them to reset passwords because cybercriminals hacked over 17 million accounts. They believe the hackers took advantage of a vulnerability in the Instagram API, which was discovered in 2024. Malwarebytes says the leaked databases contain user names, email addresses, phone numbers, and in some cases, physical addresses and that it’s already for sale on the dark web. Instagram's parent company Meta was a bit vague when it said that it "fixed an issue that let an external party request password emails for some people."
Photo: alexsl / iStock Unreleased / Getty Images