Social media large Meta on Sunday confirmed an Instagram password reset vulnerability however denied being breached, amid claims that Instagram customers’ knowledge has been leaked on-line.
The resolved vulnerability, the corporate stated on X, allowed third events to ship password reset requests to Instagram customers.
“We fastened a difficulty that allow an exterior celebration request password reset emails for some individuals,” Meta stated.
Whereas the corporate has not shared additional particulars on the weak point, many customers complained on X about receiving such emails.
Some customers stated they’ve been receiving them for a very long time, others acquired them throughout a number of Meta merchandise, whereas others stated the current messages had been despatched to a “mail checklist” and had been ignored.
“There was no breach of our techniques and your Instagram accounts are safe. You may ignore these emails — sorry for any confusion,” the corporate stated.Commercial. Scroll to proceed studying.
Meta’s denial of an information breach got here shortly after cybersecurity agency Malwarebytes notified its customers that hackers had leaked on-line knowledge related to 17.5 million Instagram accounts.
“Cybercriminals stole the delicate info of 17.5 million Instagram accounts, together with usernames, bodily addresses, cellphone numbers, e mail addresses, and extra,” the corporate stated on X.
Responding to Malwarebytes’ message, nevertheless, cybersecurity consultants identified that the allegedly stolen info will not be new, however quite a part of a 2022 knowledge leak. The identical knowledge was resurfaced by a menace actor in November 2024, the consultants say.
On Sunday, knowledge breach notification service Have I Been Pwned warned {that a} menace actor had certainly shared on a hacking discussion board a dataset containing greater than 17 million entries.
The dataset incorporates 6.2 million e mail addresses. Usernames, show names, account IDs, geolocation knowledge, and cellphone numbers had been additionally leaked.
The information doesn’t seem linked to the Instagram password reset problem and was allegedly obtained through an Instagram API.
“The scraped knowledge seems to be unrelated to password reset requests initiated on the platform, regardless of coinciding in timeframe. There isn’t any proof that passwords or different delicate knowledge had been compromised,” Have I Been Pwned notes.
SecurityWeek has emailed Meta for a press release on the alleged knowledge breach and can replace this text if the corporate responds.
Associated: 377,000 Impacted by Information Breach at Texas Gasoline Station Agency
Associated: Dozens of Main Information Breaches Linked to Single Risk Actor
Associated: Covenant Well being Information Breach Impacts 478,000 People
Associated: High US Accounting Agency Sax Discloses 2024 Information Breach Impacting 220,000
