Meta Platforms(US:META) Huan Qiu Wang Zi Xun·2026-01-11 04:20Core Viewpoint - A significant security concern has arisen as millions of Instagram users received an unusual number of password reset emails, leading to widespread attention and alarm regarding potential data breaches [1]. Group 1: Incident Overview - Approximately 17.5 million accounts had non-password personal information, including usernames, real names, email addresses, phone numbers, and partial addresses, allegedly obtained through the Instagram API in 2024 and released by a threat actor named "Solonnik" on January 8, 2026 [3]. - The leaked dataset contains over 17 million records and was made available for free download [3]. - Malwarebytes issued a warning on January 10, highlighting that while the leaked information does not include plaintext passwords or encrypted credentials, the structured personal data could be exploited for phishing, social engineering attacks, identity theft, and financial fraud [3]. Group 2: Company Response - Meta officially responded on January 11, stating that no data breach occurred, and the Instagram system was not compromised, assuring users that their accounts remain secure [4]. - The mass email incident was attributed to a technical vulnerability that has since been fixed, which allowed external parties to bypass normal verification processes and trigger bulk password reset requests [4]. - Meta apologized for the public confusion caused by the false alerts and reiterated its commitment to enhancing infrastructure security and controlling API access [4].