Instagram Data Leak: 17.5 Million Users Exposed – Latest Updates

by muhammad yousufAwaz e karachi -
0
Instagram Data Leak: 17.5 Million Users Exposed – Latest Updates
Published on January 11, 2026 | By TechSec Blog

What Happened?

A significant data leak has exposed the personal information of approximately 17.5 million Instagram users. The breach was first reported by cybersecurity firm Malwarebytes on January 9–10, 2026, after the data appeared on hacker forums and the dark web.

The leaked dataset, reportedly scraped from Instagram's API in late 2024, includes a wide range of sensitive details. This is not a traditional server breach (no passwords were stolen directly), but rather a large-scale scraping of publicly accessible or improperly protected user data.

Important: Affected users are receiving a surge of legitimate-looking password reset emails from Instagram. These are often initiated by attackers using the leaked information to attempt account takeovers.

What Information Was Leaked?

  • Usernames
  • Full names
  • Email addresses
  • Phone numbers
  • Partial physical addresses
  • Other contact and profile details

The data is structured in JSON and TXT files, making it easy for cybercriminals to use in phishing campaigns, identity theft, SIM-swapping attacks, and targeted scams.

Who Is Behind the Leak?

The dataset was posted on BreachForums by a threat actor using the alias “Solonik” (or similar variations like “Subkek”). It was offered for free, increasing the risk of widespread exploitation. The scraping reportedly occurred between September and December 2024 via public APIs and country-specific sources.

Meta's Response

Meta (Instagram's parent company) has stated that there was no breach of their systems and that user accounts remain secure. However, they have not issued a detailed public statement about this specific incident as of January 11, 2026. The company has previously faced criticism for similar scraping vulnerabilities.

What Should Instagram Users Do?

If you use Instagram, take these immediate steps to protect your account:

  1. Change your password – Use a strong, unique password (at least 12 characters, mix of letters, numbers, and symbols).
  2. Enable two-factor authentication (2FA) – Go to Settings > Security > Two-Factor Authentication. Use an authenticator app instead of SMS if possible.
  3. Check for suspicious activity – Review login activity in Settings > Security > Login Activity.
  4. Ignore unsolicited reset emails – Do not click links in suspicious emails. Instead, log in directly via the official Instagram app or website.
  5. Monitor your accounts – Watch for unauthorized access or unusual emails/phone calls.
  6. Consider freezing your credit – If your physical address was leaked, take extra precautions against identity theft.

Why This Matters

Even though passwords were not leaked, the combination of email, phone, and address information can be extremely dangerous. Attackers can use this data for:

  • Phishing and social engineering attacks
  • Account takeovers
  • Stalking or real-world harassment
  • Targeted scams

This incident highlights ongoing challenges with data privacy on social media platforms and the importance of strong security practices.

Sources & Further Reading

  • Malwarebytes Research: Dark web monitoring reports
  • Forbes: "Instagram Password Reset Attacks – Users Must Check 1 Thing Now"
  • Engadget: "An Instagram data breach reportedly exposed the personal info of 17.5 million users"
  • Cybersecurity News: Detailed analysis of the leak
  • Official Instagram Help Center: Security tips

Stay safe online and keep your accounts protected!


Tags

You may like these posts

Post a Comment

Previous Post Next Post