Instagram has fixed a password reset vulnerability.

Meta resolved a vulnerability in Instagram’s password reset system that allowed external actors to trigger unsolicited reset emails to users. Although users reported receiving these unwanted emails, Instagram confirmed there was no breach and instructed users to ignore them. Concurrently, Malwarebytes and Have I Been Pwned flagged the resurfacing of 17.5 million Instagram account records dating back to a 2022 API leak. Meta clarified that the leaked data is unrelated to the reset flaw and emphasized that no sensitive information, including passwords, was compromised.

Read more:

https://www.securityweek.com/instagram-fixes-password-reset-vulnerability-amid-user-data-leak/