**Instagram Denies Breach Amid Widespread Email Campaign**

In a move that has left many users scratching their heads, Instagram has denied being the victim of a data breach after thousands received emails prompting them to reset their password.

The social media giant claimed it had resolved an issue which allowed "an external party" to obtain legitimate password reset requests from users, but insisted there was no breach of its systems. The company assured users that their accounts were secure and that the email campaign was not a scam or phishing attempt.

However, cybersecurity firm Malwarebytes has cast doubt on Instagram's statement, claiming that the password reset emails were actually sent as a result of a hack. According to Malwarebytes, cybercriminals had stolen sensitive information from 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.

In a post on X, the company shared a screenshot of a password reset email from Instagram, which it claimed was sent as part of an ongoing sale of private data on a hacker forum. The advert, which has been viewed over 2.3 million times, claims to have the personal details of 17.5 million Instagram users, supposedly obtained from a "leak" in 2024.

But some security researchers believe that the data may actually be an old database gathered from publicly available information, such as names and locations, which could have been compiled as far back as 2022. The password reset emails, combined with Malwarebytes' warning, has left thousands of users confused and concerned for their online safety.

Instagram's explanation of the issue has also raised questions, particularly about who the external party was that was able to send out legitimate password reset requests on behalf of the firm. Despite repeated attempts by the BBC to get more information from Instagram, the company remained tight-lipped on this matter.

Users have been advised to be cautious and not to click on links in the email, but instead go straight to the website or app to make changes to their passwords and add extra protection. The incident serves as a reminder of the importance of online security and the need for users to stay vigilant against potential threats.

**Related Stories**

* How your data is being scraped from social media * Facebook tests £9.99 monthly subscription for sharing more than two links * Scammers hacked her phone and stole thousands - so how did they get her details?

**Sign up for our Tech Decoded newsletter to stay up-to-date on the world's top tech stories and trends. Outside the UK? Sign up here.