Did You Get an Instagram Password Reset Electronic mail Just lately? This Would possibly Be the Very Disagreeable Motive

The cybersecurity firm Malwarebytes simply observed one thing disagreeable occurring over on the darkish net:

Cybercriminals stole the delicate info of 17.5 million Instagram accounts, together with usernames, bodily addresses, cellphone numbers, electronic mail addresses, and extra. This information is obtainable on the market on the darkish net and might be abused by cybercriminals.

[image or embed]

— Malwarebytes (@malwarebytes.com) January 9, 2026 at 8:34 AM

Did you obtain any surprising password reset emails from Instagram recently? If the feedback on a Reddit post about this breach from a few hours ago are any indication, you’re not alone.

Evidently the bodily addresses, cellphone numbers, electronic mail addresses and different info connected to the accounts of 17.5 million Instagram customers is obtainable on the market within the sketchier elements of the web.

Apparently Malwarebytes performs sweeps of the darkish web for gadgets like this, and surmised that this cache of private particulars is tied a 2024 API breach that possible allowed an attacker to pry the knowledge out of Instagram.

Some steps you possibly can take to make sure that your info is protected embrace:

Resetting your password proper now
Turning on two-factor authentication in case you haven’t already
Completely deleting all social media accounts from all platforms

Thus far Instagram doesn’t seem to have printed an announcement about this challenge. Gizmodo reached out to Meta for remark, and can replace if we hear again.

Trending Merchandise