Are Instagram password reset emails a phishing attack? How to protect yours
Instagram has reportedly been hit by a data breach, with personal information of 17.5 million users leaked and circulating on hacker forums, raising major cybersecurity concerns.
The exposed information includes usernames, full names, email addresses, phone numbers, partial addresses, and other contact details.
As per the experts, such data is usually exploited for impersonation purposes, phishing attacks, and account hacking.
Several reports suggested the major breach is to be linked to an Instagram API vulnerability from 2024. A hacker using the alias “Solonik” posted the dataset for free on BreachForums on January 7, 2026, containing JSON and TXT files with structured information, including account details, usernames, emails, user IDs, and more.
Following the leak, Instagram users also reported receiving a password reset notification, expectedly connected to the breach.
As per the cybersecurity analysts, hackers often rely on unsuspecting users clicking these reset links, regardless of how legitimate it looks, ignore them.
However, the Meta-owned Instagram has yet to officially address the issue.
The platform continues to recommend that all users enable two-factor authentication (2FA) to protect accounts. Moreover, Instagram supports recommends checking for unrecognized login attempts
Security experts urge users to remain vigilant, avoid clicking unsolicited links, and report suspicious messages.
