Instagram says it fixed issue behind password reset emails

Instagram says it fixed a bug that allowed external parties to trigger password reset emails and denied a data breach; cybersecurity firm Malwarebytes reported scraped user data for millions was listed for sale.

Instagram reported it fixed a problem that allowed an external party to request password reset emails for some accounts. Over several days many users received unexpected password reset messages and shared screenshots on social platforms. Separately, cybersecurity firm Malwarebytes reported that personal details for millions of users were listed for sale on the dark web. Instagram denied that a data breach had occurred. Known details: - Instagram said it fixed an issue that let an external party request password reset emails for some people. - The company denied any instance of a data breach that may have exposed user data. - Malwarebytes reported scraped personal details for millions were listed for sale, and some reports linked recent password reset phishing emails to that dataset. Summary: Instagram says the immediate technical issue has been fixed and that users received unsolicited reset emails as a result of that error. Security researchers reported scraped user data was offered for sale and connected some phishing activity to that dataset. Undetermined at this time.