Instagram Password Reset Emails: Hack, Data Leak, & Security Tips 2026

Instagram users began reporting a surge of unsolicited password reset emails starting January 6, 2026, raising concerns about potential data breaches at the popular social media platform. Numerous users received official-looking emails from Instagram requesting a password reset despite not initiating the process themselves.

Read Also: Cara Kerja Algoritma Instagram Menghargai Konten Carousel Edukasi

The emails appeared legitimate, originating from verified Instagram accounts with official domains, fueling anxieties about a possible data leak. Discussions quickly spread beyond Instagram, gaining traction on other social media platforms, including X (formerly Twitter).

Unsolicited Password Reset Emails Cause Concern on Instagram

For several days, users have been receiving these password reset requests, creating disruption and prompting questions about the security of their personal data. The incident comes at a time when data privacy is a growing concern for social media users worldwide.

Further complicating the situation, cybersecurity firm Malwarebytes reported evidence suggesting that sensitive information from millions of Instagram accounts may have been compromised by hackers and subsequently offered for sale on the dark web forum BreachForums.

According to the Malwarebytes report, the threat actor, identified as “Solonnik,” allegedly obtained data including full names, usernames, email addresses, user IDs, international phone numbers, and partial physical addresses.

Data Breach Monitoring Site HIBP Adds Instagram Incident

The leaked data reportedly stems from a breach of Instagram’s Application Programming Interface (API) that originally occurred in 2024, but the information only recently surfaced and began circulating.

Read Also: Cara Mudah Validasi Ide Konten sebelum Produksi Menggunakan Instagram Story

Have I Been Pwned (HIBP), a well-known data breach monitoring service, has added the incident to its database, estimating that approximately 6.2 million accounts may be affected. This substantial number has heightened public concern about the scope of the potential data exposure.

Meta Responds to Reports

Responding to the widespread reports, Meta, Instagram’s parent company, acknowledged a technical issue or bug that allowed external parties to trigger mass password reset emails. However, Meta firmly stated that the incident was not the result of a successful security breach of its systems, and that sensitive data remained secure.

What Users Should Do

Instagram and cybersecurity experts have offered several recommendations to help users protect their accounts in light of the incident.

Change Your Password

Users who have received a suspicious password reset email are advised to change their passwords as a precaution. It’s recommended to do so through the official Instagram app, which can be downloaded from the Google Play Store or App Store.

Ignore Suspicious Emails

Users should avoid clicking on any links in suspicious emails, especially if they did not request a password reset. This will help prevent potential phishing attempts and protect account information.

Enable Two-Factor Authentication

Enabling two-factor authentication adds an extra layer of security to accounts, ensuring that only the authorized user can access the information. This feature is widely considered a best practice for protecting online accounts.

Read Also: Ide Konten Repurposing untuk Kreator Pemula, Metode Ampuh Mengatasi Kelelahan Bermain Medsos

The unsolicited password reset emails have become a significant point of discussion, attracting attention from data breach monitoring services and Instagram’s parent company. While the incident has caused concern among users, taking proactive steps to secure accounts can help mitigate potential risks. (R10/HR-Online)