Data Breach Exposes Personal Information of 17.5 Million Instagram Users
By Jessica Martinez-Thompson
Published on January 10, 2026
In a significant cybersecurity incident, a major data breach has reportedly compromised the personal information of approximately 17.5 million Instagram users. The breach was uncovered by the cybersecurity firm Malwarebytes, which has linked the exposure to a potential vulnerability in Instagram"s application programming interface (API) that may be exploited in 2024.
Key Details
The leaked dataset, which has been made available on dark web forums, specifically on BreachForums, contains sensitive information including usernames, full names, email addresses, phone numbers, and partial physical addresses. This alarming revelation was made public earlier this week by a threat actor identified as "Solonik." The implications of this breach are severe, as it has already triggered a surge in unsolicited password reset emails sent to users worldwide.
Experts in cybersecurity are raising concerns about the heightened risks associated with this data breach. They warn that the exposed information could facilitate phishing attacks, account takeovers, and identity theft. Phishing, a method where attackers impersonate legitimate entities to deceive individuals into providing personal information, is particularly concerning given the scale of the data leak.
Background
Malwarebytes, a well-known cybersecurity firm, has been at the forefront of identifying and analyzing data breaches. The firm’s findings suggest that the breach may be linked to vulnerabilities in Instagram"s API, which could allow unauthorized access to user data. Instagram, owned by Meta Platforms, Inc., has faced scrutiny in the past regarding its data security practices, and this incident raises further questions about the platform"s ability to protect user information.
The dark web, where the leaked data was found, is a part of the internet that is not indexed by standard search engines and is often associated with illegal activities, including the sale of stolen data. BreachForums, the specific forum where the data was posted, is known for being a marketplace for hackers to share or sell compromised data.
What"s Next
The immediate aftermath of this breach has seen a notable increase in password reset emails, as Instagram attempts to mitigate the risks posed to its users. However, cybersecurity experts advise users to remain vigilant and take proactive measures to secure their accounts. This includes changing passwords, enabling two-factor authentication, and being cautious of unsolicited communications that may be attempts at phishing.
As the investigation into the breach continues, it remains to be seen how Instagram and Meta Platforms will respond to this incident and what measures will be implemented to enhance data security moving forward. The exposure of such a large volume of personal information underscores the ongoing challenges faced by social media platforms in safeguarding user data.
For more on the implications of this incident, see our recent developments regarding the Instagram data breach.
