Instagram users recently faced a security scare. Many received suspicious-looking password reset requests, sparking fears of a massive hack. However, the company officially states that the platform has not been breached.
On Sunday, January 11, Instagram addressed the situation directly. The company claims the influx of emails was a technical glitch, not a successful cyberattack.
We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure.
You can ignore those emails — sorry for any confusion.
— Instagram (@instagram) January 11, 2026
Conflicting Reports on Stolen Data
This official denial contrasts sharply with earlier reports. On Friday, January 9, antivirus software company Malwarebytes shared a concerning update on Bluesky. They claimed cybercriminals successfully stole sensitive information from 17.5 million Instagram accounts.
According to the Malwarebytes post, this compromised data includes usernames, physical addresses, phone numbers, and email addresses. They further warned that this data is available for sale on the dark web and can be abused by cybercriminals.
Instagram Explains: The “External Party” Issue
Despite these serious allegations, Instagram maintains that user data is safe. The company posted on X to clarify the situation. They admitted that they fixed an issue that allowed an external party request password reset emails for some people.
They did not provide specific details about this external party or the nature of the issue. Instead, they simply advised users to disregard the notifications. Their statement concluded:
You can ignore those emails — sorry for any confusion.
