A database containing 17.5 million Instagram accounts has been put up for sale on the dark web following unauthorized access to sensitive information. Among the leaked data are usernames, physical addresses, phone numbers, and email addresses. The situation has raised concerns in neighborhoods and municipalities in Barcelona, Girona, and Tarragona, where thousands of users have recently received emails requesting password resets.
Wave of Suspicious Emails and Alert for Possible Frauds
The volume of electronic messages with the subject line "reset your password" has increased significantly in recent days. Users from different areas have reported receiving these emails, which has led the Mossos d'Esquadra and Local Police to recommend caution against possible identity theft attempts. The stolen data is available for sale on the dark web and can be used for SMS fraud or other forms of digital deception.
Meta dismisses internal breach and assures account security
Meta, the company that owns Instagram, has denied that there was a direct intrusion into its systems. According to the company, the incident is due to a vulnerability that allowed third parties to request password reset emails for some people. In a public communication, Meta has insisted that accounts remain secure and that users can ignore these messages.
"We fixed an issue that allowed an external party to request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure. You can ignore those emails, apologies for any confusion" - Spokesperson, Meta
Sensitive Data Exposed and Security Recommendations
The leaked information includes personal data that could facilitate fraud attempts in various Catalan localities. Although access to user passwords has not been confirmed, cybersecurity experts warn that the exposure of physical addresses and phone numbers increases the risk of personalized scams. Authorities recommend exercising extreme caution and not responding to suspicious messages.
- 17.5 million accounts affected
- Usernames, physical addresses, phone numbers, and email addresses leaked
- Data for sale on the dark web
- Access to passwords has not been confirmed