(NewsNation) — Millions of Instagram users were left concerned over a potential data breach after they reported receiving a password reset email from the social media platform, despite not requesting one.

Instagram issued a statement Sunday on the social media platform X, telling users there was no system breach and that everyone’s accounts were secure, adding they’ve fixed the issue and advising users to ignore the emails.

However, cybersecurity firm Malwarebytes told The U.S. Sun most of those emails may be linked to an alleged data breach that happened in late 2024. Malwarebytes wrote in an X post that hackers may have obtained the personal information of 17.5 million Instagram users, including usernames, addresses, phone numbers and emails.

Experts say that while the leak didn’t appear to include the affected users’ passwords, the exposed emails and phone numbers can still be enough to cause damage and leave them open to serious attacks.

That information, once in the hands of criminals, can be used in SIM-swapping attacks, enabling them to impersonate Instagram support staff or to launch phishing attacks.

If you receive an email about resetting your password and did not request one, ignore it and avoid clicking any links.

What should I do if my Instagram account is compromised?

On its website, Instagram lists several actions you can take if you suspect your account has been hacked, including receiving a login link from the app, requesting a security code or support, as well as taking steps to verify your identity.

Instagram also encourages users to set up two-factor authentication for extra security on their accounts.