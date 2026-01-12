Meta-owned social media platform Instagram has addressed a technical issue that caused a significant number of users to receive unsolicited password reset emails. The glitch, which occurred over the weekend, led to concerns regarding potential account hacking attempts and widespread security breaches.

Users reported receiving official emails from Instagram stating that a request had been made to reset their passwords, despite not having initiated such requests themselves. While the volume of these notifications initially suggested a coordinated "credential stuffing" attack or a mass hacking attempt, Instagram has clarified that the incident was the result of an internal technical error.

Advertisement

The company stated that no unauthorised access to user accounts had occurred as a direct result of this specific incident and that the underlying issue has now been resolved.

We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure.



You can ignore those emails — sorry for any confusion. — Instagram (@instagram) January 11, 2026

The influx of reset requests caused significant disruption for users, many of whom temporarily disabled their accounts or enabled additional security layers out of caution. Because the emails originated from Instagram’s legitimate "security@mail.instagram.com" address, they were initially difficult to distinguish from genuine security alerts.

Security experts noted that while the emails themselves did not compromise accounts, they created a prime environment for phishing. Scammers often take advantage of such technical confusion to send fraudulent links, hoping to capitalise on user anxiety regarding account safety.

Advertisement

Instagram has not disclosed the exact number of users affected by the glitch, but maintains that the automated systems responsible for the error have been corrected to prevent a recurrence. Users who received the erroneous emails do not need to take further action if they did not click the links provided.