Instagram: Old User Data Circulates on Dark Web, Meta Denies New Breach | Quick Digest
Reports of 17.5 million Instagram user accounts circulating on the dark web, initially flagged by a cybersecurity firm, have caused concern. However, Meta has denied a recent system breach, clarifying that the data appears to be from older scraping incidents and the recent surge in password reset emails stemmed from a technical issue.
Cybersecurity firm Malwarebytes reported 17.5 million Instagram user records on the dark web.
Meta denied a recent data breach of its systems.
Exposed data largely stems from older scraping incidents (2017-2022), not a fresh hack.
Unsolicited password reset emails were due to a technical issue, now fixed by Meta.
Data includes usernames, emails, and phone numbers, which pose phishing risks.
Users advised to enable 2FA and ignore suspicious password reset emails.
Reports from cybersecurity firm Malwarebytes indicated that sensitive information belonging to approximately 17.5 million Instagram users had appeared for sale on dark web forums, triggering widespread concern about a major data breach. This claim was accompanied by a surge in Instagram users globally receiving unexpected password reset emails, leading many to believe a fresh security incident had occurred.
However, Instagram's parent company, Meta, has strongly denied any recent breach of its internal systems. Meta clarified that they identified and fixed a technical issue that allowed an external party to trigger password reset emails for some users, but stressed that this did not result in unauthorized access to accounts or internal systems, and user accounts remain secure. Users are advised to disregard these unsolicited password reset emails.
Further analysis by cybersecurity researchers suggests that the exposed dataset of 17.5 million users is not a result of a new breach but rather comprises data collected from older scraping incidents, possibly dating back to 2017 or 2022, which was then circulated on the dark web in 2023 or late 2024. This data, obtained potentially through API leaks or public profile scraping, includes usernames, email addresses, phone numbers, and in some cases, physical addresses. While the data itself is real and poses risks, the incident is characterized more as the recirculation and exploitation of previously scraped data in conjunction with a password reset vulnerability, rather than a fresh hack of Instagram's core infrastructure. Users are urged to enable two-factor authentication (2FA) and exercise caution against phishing attempts.