![Instagram users are freaking out over a wave of unsolicited password reset emails [U: Potential data breach]](https://www.europesays.com/wp-content/uploads/2026/01/instagram-password-reset-email-featured.webp.webp)
Update 10/01/26 – 09:05 am (IST): Multiple users have confirmed that they received email newsletters via Malwarebytes with the following details:
This week, Malwarebytes discovered that hackers stole the sensitive information of 17.5 million Instagram accounts. Complete with usernames, physical addresses, phone numbers, email addresses, and more, this data can be abused by cybercriminals to impersonate trusted brands, trick users, and steal their passwords.
Critically, this data is already being offered on the dark web, with individual users also receiving legitimate password reset notifications from Instagram.
This could very well explain why millions of users have likely got these password reset emails, rather than it being an Instagram glitch as originally speculated.
Meta has yet to put out a statement regarding the alleged data breach. But given the volume of reports, I’d be surprised if the company manages to slide the problem under the rug.
Original article published on January 9, 2026, follows:
Instagram users noticed something weird over the last day or so, and thousands of them are trying to figure out what’s going on.
Starting around 4:00 – 5:00 AM EST on January 8, people began receiving password reset emails from Instagram that they never requested. The emails came from [email protected], which is Instagram’s legitimate domain, and included all the usual formatting and verification marks you’d expect from an official message.
Screenshot shared by u/Nerds-rope427
I didn’t get one myself, but I’ve noticed a wave of complaints flooding Reddit and X throughout the day. One user on the r/cybersecurity_help subreddit wrote, “I’m quite paranoid about anyone accessing my accounts and mostly want to know if this was targeted or if it was, again, sent out en mass on accident.”
The confusion makes sense. These emails looked completely legitimate, but nobody had actually requested a password reset. Some users tried verifying by checking their Instagram security settings, where the app normally shows a record of all emails sent. That’s where things got stranger: some people reported that these reset notifications didn’t show up in their official email history at all.
Others had a different experience. After manually changing their passwords through the app as a precaution, they received the exact same type of email from the same address, which seemed to confirm the domain was real.
So what’s actually happening? Nobody knows for sure, and Instagram hasn’t said anything publicly yet. The theories range from a potential data breach to a mass phishing campaign using a spoofed domain. Some people think it might just be a technical screwup on Instagram’s end. I’m leaning towards the latter myself. The emailed password reset page does indeed seem to be the real deal.
One Redditor who works in email marketing offered a plausible explanation: “It’s not unheard of and is usually caused by one person not turning off a trigger or not knowing about some legacy system downstream.” Basically, someone at Instagram might have accidentally sent these to a huge batch of users.
On X, users like @RocketRonnieRoc and @sid6489 tagged Instagram directly, asking for answers. @cjamado23 posted a tweet asking: “What is happening with Instagram? Why is everybody suddenly getting a reset password email?”
You can read more complaints here, here, here, here, here, and here.
This isn’t a handful of users reporting suspicious emails. It’s happening globally, with reports coming from users in different countries and time zones, all receiving similar messages within the same general timeframe.
For now, I’d suggest ignoring the email. If you’re worried about your account, the safest move is to manually reset your password through the Instagram app itself and turn on two-factor authentication.
We’ll keep an eye out for any word from Instagram regarding the mass password reset emails and will update the article when there’s something to share.