Follow on Google News
Massive Instagram Data Leak Exposes Details of 17.5 Million Users, Malwarebytes Warns
A major data breach affecting nearly 17.5 million Instagram accounts has come to light, raising fresh concerns about user privacy and online security. Cybersecurity firm Malwarebytes revealed that sensitive user information from the platform is already circulating freely on hacker forums and across the dark web.
Malwarebytes said the exposed dataset was discovered during its routine monitoring of underground cybercrime networks. The leaked information reportedly includes Instagram usernames, full names, email addresses, phone numbers, partial physical addresses and other contact details, putting millions of users at risk of targeted cyberattacks.
In a post on social media, Malwarebytes confirmed that cybercriminals had obtained personal data linked to 17.5 million Instagram accounts, warning that the sheer scale of the leak makes it particularly dangerous.
High risk of phishing and impersonation
Security experts at Malwarebytes cautioned that the exposed data could easily be weaponised. Attackers may use the information to launch phishing campaigns, impersonation scams and credential-harvesting attempts. Of particular concern is the possibility of abusing Instagram’s password recovery process to try and take over accounts.
“The volume and depth of the data significantly increase the likelihood of abuse,” the firm noted, adding that bad actors often combine leaked contact details with social engineering tactics to deceive users.
Iran Protests Intensify; Nationwide Internet Shutdown Still in Place
Suspected source: Instagram API leak
The data is believed to have originated from an Instagram API vulnerability dating back to 2024. On January 7, a threat actor using the alias “Solonik” reportedly shared the dataset on BreachForums, offering it for free. The post claimed the leak contained more than 17 million user records in both JSON and TXT formats, impacting users globally.
Samples circulating online include usernames, email addresses, phone numbers, user IDs and profile metadata. According to Malwarebytes, the structure of the files resembles API responses, suggesting the information may have been collected through large-scale scraping, an exposed endpoint or a misconfigured system. The exact method used to obtain the data remains unclear.
Meta yet to respond
Meta, the parent company of Instagram, has so far not issued any public statement confirming or denying the breach.
Spike in password reset emails worries users
In the wake of the leak, many Instagram users have reported receiving unexpected password reset emails. Malwarebytes said some of these messages may be legitimate, but others could be linked to malicious attempts to access accounts.
While there is no indication that Instagram passwords themselves were compromised, the leaked contact information is sufficient for phishing scams, SIM-swapping attacks and abuse of account recovery features.
The cybersecurity firm also warned that the dataset is being traded on dark web marketplaces, making it easily accessible to cybercriminals.
What users should do now
Malwarebytes advises Instagram users to take immediate precautions. This includes changing account passwords, enabling two-factor authentication using an authenticator app, and staying alert to suspicious emails or messages claiming to be from Instagram.
Users who receive password reset emails they did not request should treat them as a red flag that someone may be attempting to access their account.
To help users assess their exposure, Malwarebytes is offering a free Digital Footprint scan that allows individuals to check whether their email addresses appear in the leaked dataset.
As investigations continue, cybersecurity experts stress that vigilance and strong account security remain the best defence against the fallout from large-scale data breaches.
Latest Posts
- Powerful Collision of Car With Truck on Jammu-Srinagar NH, 3 Died, Two Injured
June 14, 2026 | Breaking News, Jammu Kashmir - North Korea Says Nuclear Status Is Irreversible, Kim Yo Jong Calls It A “Line of No Retreat”
June 14, 2026 | Breaking News, Politics, World - Violence in Northwestern Nigeria: 17 Farmers Killed, 13 Injured as Insecurity Persists
June 14, 2026 | Breaking News, Crime, World - Japan Delegation Heading To Greenland For Accessing/Evaluating Rare Earth Minerals Extraction
June 14, 2026 | Breaking News, World - Iran-US Deal in Final Stage; Next 24 Hours Crucial, Says Pakistan PM Shehbaz Sharif
June 14, 2026 | Breaking News, Politics, World - Violations of Hormuz Blockade Won’t Be Tolerated: Marco Rubio Tells S. Jaishankar
June 14, 2026 | Breaking News, Politics, World - Donald Trump Vows to Sign Deal with Iran Tomorrow, Tehran Downplays Announcement
June 14, 2026 | Breaking News, Politics, World - Starlink Constellation Crosses 10,600 Satellites After Latest SpaceX Launch
June 13, 2026 | Breaking News, Entertainment - The East Palace OTT Release Date: Know When and Where to Watch it Online
June 13, 2026 | Breaking News, Entertainment - Raakh Now Streaming Online: Where to Watch This Ali Fazal’s Investigative Thriller Series
June 13, 2026 | Breaking News, Entertainment