Audio By Carbonatix
Instagram has denied it has been victim to a data breach after many users received emails prompting them to reset their password.
The firm said it had resolved a problem which allowed "an external party" to get the social media platform to send out legitimate password reset requests to users.
Instagram said there had been no breach of its systems, and told users their accounts were secure.
But some experts have questioned the statement, with cyber security firm Malwarebytes claiming the password reset emails had in fact been sent as a result of a hack.
"Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more," it claimed in a post on X, along with a screenshot of a password reset email from Instagram.
No further details were given by the company, but the post has been viewed more than 2.3 million times.
Malwarebytes told the BBC it believed the password reset emails were a direct result of an ongoing sale of private data on a hacker forum, where a criminal has claimed to have the personal details of 17.5 million Instagram users.
The advert claims the data comes from a "leak" in 2024.
But some security researchers think it is actually an old database that was gathered from data which could be publicly viewed - such as names and locations - in 2022.
'No breach'
The password reset emails coupled with the Malwarebytes warning has prompted confusion for thousands of people on social media.
And Instagram's explanation also posed questions.
"We fixed an issue that let an external party request password reset emails for some people," the company said.
"There was no breach of our systems."
But Instagram did not respond to the BBC's questions about who the external party was which could send out legitimate password reset requests on behalf of the firm.
The emails caused concern for some users on social media, who feared it was a scam or phishing attempt designed to glean more of their details.
But the links in the email do not appear to be malicious, and the password reset process a user is guided through appeared to be legitimate.
However the advice, as ever, is to go straight to the website or app to make changes to passwords and add extra protection.
Latest Stories
-
Israel pounds Beirut suburbs after Hezbollah launches rocket barrage
10 minutes -
Bank of Africa donates to National Chief Imam’s office to support Ramadan
17 minutes -
Communications Minister Launches iCOLMS-GH to streamline courier sector, gives operators 19-day compliance deadline
42 minutes -
Prudential Ghana agent earns multiple honours locally and Africa
44 minutes -
Vote for a competent, grassroots person as organiser to help NPP reclaim power – Ali Maiga Halidu
48 minutes -
25 MDAs sign data-sharing pact with Ghana Statistical Service
54 minutes -
Legacy Girls’ College celebrates national recognition of two students at 2025 WASSCE
1 hour -
Oil price jumps despite deal to release record amount of reserves
1 hour -
Sahara Group commissions 40,000cbm Asharami Ghana LPG vessel to advance clean energy access in Ghana
1 hour -
Ghana’s Ambassador to Côte d’Ivoire marks 69th independence day with call to ‘build prosperity and restore hope’
1 hour -
COCOBOD to distribute 27,000 sprayers and 89,000 PPE sets to cocoa farmers
1 hour -
Ntim Fordjour accuses NDC of ‘double standards’ over presidential travel
2 hours -
Israel–Iran war shakes global insurance industry; Ghana may face heavy impact – Dr Kingsley Agyemang
2 hours -
DJ Mensah calls for national support for Rapperholic UK as Sarkodie eyes O2 Arena
2 hours -
COCOBOD disburses GH¢4.2bn to Licensed Buying Companies to settle cocoa farmers’ arrears
2 hours