Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts

A substantial security breach has compromised roughly 17.5 million Instagram accounts. This incident exposed sensitive personal information, which is now circulating on the dark web.

The incident was discovered and reported by cybersecurity firm Malwarebytes earlier this week, raising urgent concerns about user privacy and account security.

What Data Was Exposed

The breach encompasses a wide range of personal information that could put affected users at serious risk. Compromised data includes usernames, email addresses, phone numbers, and physical addresses.

This combination of information makes users particularly vulnerable to identity theft, phishing, and social engineering.

Malwarebytes have confirmed that the stolen database is actively being traded on dark web marketplaces, making it accessible to cybercriminals worldwide.

The availability of this data has already led to real-world consequences, with multiple users reporting receiving legitimate Instagram password reset notifications a clear indication that threat actors are attempting to hijack accounts using the leaked information.

Exposing email addresses and phone numbers linked to Instagram accounts creates opportunities for targeted phishing campaigns.

Cybercriminals can use this information to craft convincing messages that appear to come from Instagram or Meta, potentially tricking users into revealing passwords or other sensitive credentials.

Users who suspect their accounts may be affected should immediately enable two-factor authentication, change their passwords to unique and complex combinations, and remain vigilant for suspicious emails or messages claiming to be from Instagram.

Additionally, monitoring for unauthorized login attempts and reviewing connected apps and services is crucial during this period.

Instagram and its parent company, Meta, have not yet released an official statement regarding the scope of the breach or remediation efforts.

Cybersecurity experts continue to investigate how the data was obtained and whether the breach resulted from a vulnerability in Instagram’s systems or through a third-party service.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.