| Get instant news updates: Click here to join our Whatsapp Group |
A big data breach affecting around 17.5 million Instagram accounts has been reported by cybersecurity firm Malwarebytes. The leaked data is being shared freely on hacker forums and the dark web, putting millions of users at risk.
Malwarebytes said it found the data during routine dark web monitoring. The leaked information includes usernames, full names, email addresses, phone numbers, partial physical addresses, and other contact details.
Source Of The Leak
The data is believed to come from an Instagram API leak in 2024. On January 7, a threat actor named “Solonik” posted the dataset on BreachForums, offering it for free. The post claimed to contain over 17 million Instagram user records in JSON and TXT formats, affecting users worldwide. Sample data shared online includes usernames, emails, phone numbers, user IDs, and profile metadata, which supports Malwarebytes’ findings.
The leaked records appear to be structured like API responses, suggesting the data may have been collected through scraping, an exposed API endpoint, or a misconfigured system. The exact source of the leak is still unclear.
What Meta Said
Meta, Instagram’s parent company, has not confirmed or reacted to the breach.
Following the leak, many users have reported receiving unexpected Instagram password reset emails. Malwarebytes noted that some of these may be legitimate, while others could be part of ongoing abuse by malicious actors.
There is no evidence that Instagram passwords were leaked, but the exposed contact details are enough to carry out phishing scams, SIM swapping, and account recovery abuse.
Malwarebytes said the data is available for sale on the dark web and can be abused by cybercriminals.
Users are advised to change their Instagram passwords, enable two-factor authentication (2FA) using an authenticator app, and be cautious of suspicious messages. Malwarebytes is also offering a free Digital Footprint scan to help users check if their email addresses appear in the leaked data
