Overview
- Meta says it patched an issue that let an external party trigger password reset emails and that accounts remain secure.
- Malwarebytes flagged a trove of roughly 17–17.5 million Instagram records circulating on dark‑web forums.
- Security researchers report the dataset appears to be recycled from earlier scrapes rather than a fresh breach.
- The records reportedly exclude passwords but include emails, phone numbers and partial addresses that facilitate phishing and SIM‑swap scams.
- Users are urged to enable app‑based two‑factor authentication, verify messages from @mail.instagram.com, and manage resets only inside Instagram.