Reported Instagram data breach exposed personal details of 17.5 million users

TL;DR

Security firm Malwarebytes says a dataset tied to Instagram has surfaced on the dark web exposing personal details for about 17.5 million users. The leak reportedly contains usernames, contact details and addresses, and may be linked to a 2024 Instagram API exposure; Meta has not issued an official statement.

What happened

Malwarebytes reported finding a data collection affecting roughly 17.5 million Instagram accounts during routine scanning of underground marketplaces. The company says the set contains account usernames alongside personally identifying information such as email addresses, phone numbers and physical addresses. Malwarebytes added that the material is being offered for sale on the dark web and warned it could be exploited by criminals. The firm tied the discovery to a possible incident related to an Instagram API exposure in 2024. Following the finding, some Instagram users have received multiple password reset emails. Meta (Instagram’s parent) has not publicly commented on this reported incident. Malwarebytes recommended standard account protections including enabling two-factor authentication, changing passwords and reviewing logged-in devices via Meta’s Accounts Center.

Why it matters

• The dataset reportedly includes personally identifiable details (emails, phone numbers, addresses) for 17.5 million accounts, increasing risk of targeted attacks.
• Data being sold on the dark web raises probability of wider abuse, including phishing campaigns and social engineering.
• Ties to a prior 2024 API exposure suggest the issue may stem from an earlier technical vulnerability or data-handling process.
• Account-disruption signals—such as mass password reset emails—indicate immediate operational impact for affected users.

Key facts

• Security firm Malwarebytes discovered the dataset during routine dark web scans.
• The reported leak covers about 17.5 million Instagram users.
• Leaked fields said to include Instagram usernames, email addresses, phone numbers and physical addresses.
• Malwarebytes reported the data is available for sale on the dark web.
• The company linked the collection to a possible Instagram API exposure from 2024.
• Some users received multiple password reset emails after the breach surfaced.
• Malwarebytes warned the information could enable phishing or account takeover attempts.
• Meta has not released an official statement about this reported incident.
• Recommended user steps cited include enabling two-factor authentication, changing passwords and checking logged-in devices in Meta’s Accounts Center.

What to watch next

• Whether Meta issues an official statement or disclosure about the scope and cause of the leak.
• Independent verification of leaked samples and technical analysis tying the data to the reported 2024 API exposure.
• Confirmation on whether passwords or authentication tokens were included in the dataset (not confirmed in the source).

Quick glossary

• Dark web: Parts of the internet not indexed by standard search engines where data and illegal services are sometimes traded.
• API (Application Programming Interface): A set of rules that allows different software systems to communicate and exchange data.
• Two-factor authentication (2FA): A security measure that requires two different forms of identification before allowing access to an account.
• Account takeover: When an attacker gains unauthorized access to a user account and uses it for malicious purposes.

Reader FAQ

Has Meta confirmed the breach?
According to the source, Meta has not released an official statement.

What specific data was exposed?
Malwarebytes reported usernames, email addresses, phone numbers and physical addresses among the leaked fields.

Were passwords included in the leak?
Not confirmed in the source.

What should users do now?
The source recommends enabling two-factor authentication, changing passwords and reviewing devices logged into your account via Meta’s Accounts Center.

Cybersecurity An Instagram data breach reportedly exposed the personal info of 17.5 million users As spotted by Malwarebytes, the alleged leak includes usernames, email addresses, phone numbers and more. Jackson…

Sources

• Instagram data breach reportedly exposed the personal info of 17.5M users

Related posts

• Industry Insiders Launch Poison Fountain to Corrupt AI Training Data
• Iran Shuts Down Starlink Internet for the First Time — Forbes Report
• Iranian regime appears to jam Starlink amid nationwide internet blackout