Meta denies viral claims about data breach affecting 17.5 million Instagram users, but change your password anyway

-

 

Millions of Instagram users panicked over sudden password reset emails and claims that 17.5 million user data records had been stolen, while Meta denied any breach allegations.

Millions of Instagram users received emails urging them to reset passwords. Many instantly linked the requests to the reported Instagram data breach by Malwarebytes last week.

The claims originated from a post on the notorious hacker forum Breach Forums, which advertised a dump titled “INSTAGRAM.COM 17M GLOBAL USERS – 2024 API LEAK.”


The seller claimed the dataset contained data on 17.5 million Instagram users, packaged in JSON and TXT files.

According to the post, the stolen data included full names, email addresses, phone numbers, and partial location data.

However, on Saturday, Meta issued a denial, explaining that the reset emails are related to an issue with a third-party service that allowed users to generate password reset emails.

The company claimed that it had fixed the problem, but denied that the issue had led to the theft of users’ personal information.“We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems, and your Instagram accounts are secure. You can ignore those emails. Sorry for any confusion,” Instagram posted on X on Saturday.

No new Instagram breach, old data reshared

Cybernews researchers have investigated the data listed on BreachForums and confirmed that the claims by the threat actor are false.

What the threat actor reshared is data from an old leak on Doxagram, a hacker website created in 2017 to sell personal data scraped from approximately six million Instagram user accounts.

At the time, Ido Naor, a researcher for Kaspersky Lab, reported to Instagram that there was a bug in Instagram's API password reset section.

There were approximately a total of 6 million “high-profile” accounts that had their personal phone numbers and email addresses stolen.

“The current listing is a repackaged Doxagram leak from 2022, since all the records match. However, the 2022 leak was also a repackaged scrape from 2017,” Cybernews researchers explained.


“It only contains private information, such as addresses and email addresses, from 2017. All other data is publicly accessible data like usernames, names, and IDs,” our researchers added.

The current dataset presented as Instagram’s user data is identical to the dataset from 2022.

“If you look at the usernames, structure, what fields are available, sequence of accounts, it's the same.”


Reference: https://cybernews.com/

Comments

Post a Comment

Popular posts from this blog

The Hidden Lag Killing Your SIEM Efficiency

-
Image
  If your security tools feel slower than they should, you’re not imagining it. Many IT teams blame their sluggish SIEM performance on query complexity or alert volume. But sometimes the real issue is much simpler: oversized input files quietly dragging your system down. Think about the last time you had to sift through a bloated PDF or an unoptimised log dump. Every unnecessary megabyte adds strain. Every redundant line eats up cycles. Your SIEM doesn’t just react to threats—it processes all incoming data, relevant or not. When it starts lagging, detection gets delayed, triage slows, and in the high-stakes world of threat response, even seconds count. We often focus on analytics and rule tuning, but upstream efficiency—what you feed into your system—deserves just as much attention. This article looks at how optimising your inputs unlocks downstream performance. Why Oversized Files Clog the Pipeline As data volumes grow, organisations face esca lating  data storage costs ,...
Read more

Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution

-
Image
Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution By : Rei Ibraima A newly discovered critical vulnerability in Veeam’s Backup & Replication software, designated as CVE-2025-23120, poses a significant security risk to enterprise environments. The flaw allows authenticated domain users to execute arbitrary code remotely, potentially leading to full compromise of backup infrastructures. About CVE-2025-23120 The vulnerability arises from an insecure deserialization issue within Veeam Backup & Replication components—particularly in the .NET classes Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary. Improper input validation in these components allows attackers to inject malicious serialized objects that are executed on the server side, resulting in Remote Code Execution (RCE). This issue affects systems where Veeam Backup & Replication is deployed in a domain-joined configuration, which—while common—is...
Read more

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

-
Image
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report shared with The Hacker News. "The attacks involved the use of multiple new custom tools, including loaders, credential stealers, and a reverse SSH tool." The intrusion set is also said to have targeted a news agency located in another country in Southeast Asia and an air freight organization located in another neighboring country. The threat cluster, per Broadcom's cybersecurity division, is assessed to be a continuation of a campaign that was disclosed by the company in December 2024 as a high-profile organization in Southeast Asia since at least October 2023. ...
Read more