Meta fixes Instagram password reset flaw, denies data breach
Meta fixed an Instagram password reset flaw and denied a data breach; users received unauthorized reset emails; experts warn of privacy risks; some user data may have been leaked. 2026-1-12 18:53:51 Author: securityaffairs.com

Meta fixed an Instagram password reset flaw that let third parties send reset emails, while denying a data breach despite leak claims.

Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data.

“We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems and your Instagram accounts are secure,” the company wrote on X. “You can ignore those emails — sorry for any confusion.”

— Instagram (@instagram) January 11, 2026

Recently, users reported receiving unsolicited Instagram password reset emails, though the company disclosed no technical details about the flaw. Since January 10, 2026, a million users have received password reset emails, sparking confusion and fears of a global cyberattack. Security experts warn this is a serious privacy breach with real-world risks, and affected data may already be circulating on the dark web.

A Meta spokesman said there was no system breach and that Instagram accounts remain secure, and invited users to ignore the password reset emails.

However, Malwarebytes researchers found a sensitive database for sale on a cybercrime forum, described as a “doxxing kit” affecting nearly 18 million Instagram users. Unlike past data scrapes, this leak includes physical home addresses linked to Instagram user IDs.

The stolen data likely didn’t come from Instagram profiles alone. Attackers may have combined Instagram user IDs with data from external databases, such as marketing lists, data brokers, e-commerce platforms, or leaked customer records, to match usernames with real names and home addresses.

By linking online identities to physical addresses, the threat goes beyond spam or account takeovers. It enables stalking, swatting, extortion, and identity theft, turning a digital privacy breach into a potential real-world safety risk.

Have I Been Pwned (HIBP) warned that a hacker shared a dataset of over 17 million records, including 6.2 million emails and other user data, allegedly scraped via an Instagram API.

“In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number,” reads the post published by HIBP. “The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.”

Pierluigi Paganini

Source: https://securityaffairs.com/186829/security/meta-fixes-instagram-password-reset-flaw-denies-data-breach.html