When you log in to Instagram on your mobile device, you might see a security prompt at the top of the screen letting you know about a recommendation to change our Instagram password. Additionally, the message states that automated checks indicate your password you use was one that was stolen from another website.
Keep Your Account Secure
Your security on Instagram is a top priority for us. Based on our automated checks, we’ve discovered that the password you use for Instagram is the same as one that was stolen from another site. We haven’t detected any suspicious activity on your account, but we recommend your change your password.
It’s not comforting to know that Instagram knows your password has been compromised on another website (and it doesn’t tell you from which websites), but it’s convenient they give you a heads up to change your current password.
It's possible for Instagram to run that list against their own user list, and see if there are any matches. If there is, they can drop you a line asking you to change your password.
To explain further, passwords (on a properly secured site) are not stored in the way they are typed. They are "hashed", which means they are put through an encryption algorithm, and the resulting code is stored. Next time you log in, the password you entered is hashed in same way and compared to stored hash code. If they match, you entered the correct password. But your original password isn't stored anywhere for security reasons.
But if the password / email has been captured from a less secure site, that email and password can be tried against other sites, and if you have used the same password, they get access.
However, this leaves many unanswered questions to the user about their compromised password. Did you receive this message? Use the comment form below and let us know.