Massive Instagram Data Scare Ties 17.5M Accounts to Leak, But Meta Denies Breach

Millions of Instagram users received unexpected password reset emails starting January 8, 2026, sparking data breach concerns. Malwarebytes discovered a dataset on dark web forums allegedly containing usernames, phone numbers, emails, and location data for 17.5 million accounts. Meta denies any system breach, claiming a technical issue allowed external parties to trigger password resets. Security experts recommend enabling two-factor authentication, ignoring unsolicited reset emails, and monitoring account activity. The source of the leaked data remains unclear, possibly from scraping or older compiled sources.