Instagram, owned by Meta, has denied a data breach after claims emerged that data from over 17 million Instagram accounts had been scraped and leaked online. The company stated that it had fixed a bug that allowed an external party to request password reset emails for some Instagram users, but reassured that there was no breach of its systems and people’s accounts remain secure.
The alleged leaked data, which was shared on hacking forums, contains information such as phone numbers, usernames, names, physical addresses, email addresses, and Instagram IDs for over 17 million accounts. However, Meta said that it is not aware of any API incidents in 2022 or 2024 that could have led to such a data breach.
While cybersecurity researchers have claimed the data is from a 2022 API scraping incident, they have not provided clear evidence to confirm this. The good news is that the leaked data does not contain passwords, but people should still be vigilant against targeted phishing, smishing, and social engineering attacks that may utilise this information.