According to the firm, hackers may have scraped profile data from around 17.5 million Instagram accounts, including usernames, addresses, phone numbers and emails.
Experts warn users to ignore unprompted password reset emails and avoid clicking on any links.
A screenshot of the emails users received. Photo / Instagram
Instagram, however, has urged users not to panic.
“Receiving a password reset email doesn’t necessarily mean that your account has been hacked,” the platform said on its website.
“For example, when someone is trying to log into their account or reset their password, they may mistype or misremember their email address or username and enter yours by mistake.
“Only people who know your Instagram password or click the login link in this email can log in to your account.”
The Meta-owned company emphasised that official correspondence only comes from @mail.instagram.com.
“If you do have additional security concerns, you may want to reset your password and enable two-factor authentication,” the platform said.
Meta has not yet confirmed whether Instagram suffered a cybersecurity breach.
Sign up to Herald Premium Editor’s Picks, delivered straight to your inbox every Friday. Editor-in-Chief Murray Kirkness picks the week’s best features, interviews and investigations. Sign up for Herald Premium here.