Did You Get an Instagram Password Reset E-mail Lately? This May Be the Very Disagreeable Purpose

The cybersecurity firm Malwarebytes simply seen one thing disagreeable taking place over on the darkish internet:

Cybercriminals stole the delicate data of 17.5 million Instagram accounts, together with usernames, bodily addresses, telephone numbers, e mail addresses, and extra. This knowledge is out there on the market on the darkish internet and will be abused by cybercriminals.

[image or embed]

— Malwarebytes (@malwarebytes.com) January 9, 2026 at 8:34 AM

Did you obtain any surprising password reset emails from Instagram recently? If the feedback on a Reddit post about this breach from a few hours ago are any indication, you’re not alone.

Plainly the bodily addresses, telephone numbers, e mail addresses and different data hooked up to the accounts of 17.5 million Instagram customers is out there on the market within the sketchier components of the web.

Apparently Malwarebytes performs sweeps of the darkish internet for objects like this, and surmised that this cache of private particulars is tied a 2024 API breach that seemingly allowed an attacker to pry the data out of Instagram.

Some steps you may take to make sure that your data is protected embody:

Resetting your password proper now
Turning on two-factor authentication when you haven’t already
Completely deleting all social media accounts from all platforms

To this point Instagram doesn’t seem to have revealed an announcement about this difficulty. Gizmodo reached out to Meta for remark, and can replace if we hear again.

Trending Merchandise