The Register reports:
Meta has fixed a flaw in its Instagram service that allowed third parties to generate password reset emails, but denied the problem led to theft of users’ personal information.
Last Friday, security software vendor Malwarebytes claimed “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.” The vendor included a screenshot of a password reset email sent to Instagram users.
On Saturday, Instagram posted the following: “We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure. You can ignore those emails — sorry for any confusion.”
Read more at The Register.
