Major Instagram Data Breach: Millions of Accounts Leaked, Users Targeted by “Password Reset” Phishing Attacks

On: January 11, 2026 2:18 PM

Major Instagram Data Breach, 11 Jan 2026 (BNN Web Staff):

Instagram users are being warned to stay alert. Recent reports indicate that data from approximately 17.5 million (1.75 crore) Instagram accounts has been leaked. Following this breach, a large number of users have started receiving unsolicited emails and notifications prompting them to reset their passwords. If you receive such a message without requesting it, treat it with caution immediately.

Cybersecurity experts warn that this is a direct case of account hijacking via phishing, in which attackers mislead users to gain control of their accounts. A key danger is that the emails sent in these attacks appear completely genuine and seem to come from Instagram’s official email address, making it easy for users to fall into the trap. Let’s understand this issue in more detail.

First, Understand What a ‘Password Reset Attack’ Is

According to media reports, data from 17.5 million Instagram accounts is present on an online platform called BreachForums. Following this, hackers have adopted a new method, which is being termed a ‘Password Reset Attack’.

In this method, hackers do not try to directly change your account password. Instead, they send a password reset request through Instagram itself. When users receive this email, they mistakenly believe it is a genuine security alert from Instagram and click on the ‘Reset Password’ link. This single mistake puts the account at risk, and in many cases, hackers gain full control of the account.

What to Do if Such an Email Arrives & How to Secure Your Account

  1. Do NOT Click the Link: If you did not request a password change, it is better to ignore and delete this email. Never click on any link or button within it.

  2. Enable Two-Factor Authentication (2FA): You can make your account more secure by turning on Two-Factor Authentication. With this feature enabled, even if a hacker discovers your password, they will need an extra security code (sent to your phone or an authentication app) to log into your account. This adds a critical layer of protection.

  3. Change Password Proactively (Optional but Recommended): If you are concerned, go directly to the Instagram app or website yourself (don’t use the link in the email) and change your password there. Ensure the new password is strong and unique.

  4. Be Skeptical: Always check the sender’s email address carefully. While it may look official, there might be subtle misspellings. Remember, legitimate companies will never pressure you to act urgently via email.
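The sender check in step 4 can be made mechanical. The Python sketch below is an added example, not part of the original report: it classifies the domain in a From header as trusted, lookalike or unrelated. The trusted-domain set, the function names and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: domains the reader accepts as genuine; confirm them on the
# service's own help pages before relying on this set.
TRUSTED_DOMAINS = {"instagram.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted-domain', 'lookalike', 'unrelated' or 'unparseable'."""
    _display, addr = parseaddr(from_header)  # the display name is ignored on purpose
    if "@" not in addr:
        return "unparseable"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Exact match or a true subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted-domain"
    labels = domain.split(".")
    # Conservative choice: an IDN (punycode) label can render as look-alike characters.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    registrable = ".".join(labels[-2:])  # simplification: last two labels only
    for t in trusted:
        brand = t.split(".")[0]
        # Near-miss spelling, or the brand name embedded in someone else's domain.
        if edit_distance(registrable, t) <= 2 or brand in domain:
            return "lookalike"
    return "unrelated"

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "Instagram <security@mail.instagram.com>",
    "Instagram <security@mail.lnstagram.com>",
    "Instagram <no-reply@instagram.com.account-verify.example>",
    "Instagram Security <alerts@mailer.example>",
]

def check_samples():
    return [classify_sender(s) for s in SAMPLES]
```

A trusted-domain verdict describes only the visible From header, which a sender can forge; mail providers authenticate it with SPF, DKIM and DMARC, so this check supplements the advice above and does not replace it.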

Stay vigilant and protect your digital identity.