A major Instagram data breach has leaked personal details of over 17.5 million users, including emails and phone numbers, raising serious privacy concerns.
ANKARA: Personal data from at least 17.5 million Instagram users has been leaked and shared on the dark web. The breach raises serious concerns about user privacy and platform security.
The leaked dataset includes user names, full names, email addresses and phone numbers. It also contains partial physical addresses and other contact information, according to cybersecurity firm Malwarebytes.
While no passwords were included, experts warn the compromised data can still be used for identity theft or financial fraud. The breach was first traced to a 2024 vulnerability in Instagram’s API.
Hackers reportedly bypassed Meta’s standard protections and scraped sensitive data. A threat actor identified as “Solonnik” then published the records on BreachForums earlier this week, offering the dataset for free.
“Such a massive leak significantly increases the risk of phishing campaigns and targeted fraud,” experts told Malwarebytes. Following the breach, users across several regions reported receiving an unusual volume of password reset emails.
This has fueled fears of compromised accounts. US company Meta, which owns Instagram, has not issued a public statement confirming the breach as of early January.
Instagram’s official help pages note that receiving a password reset email does not necessarily indicate a hack. However, cybersecurity analysts suggest users take caution.
The leaked data reportedly affects Instagram accounts globally and includes both personal and influencer profiles. The incident comes amid increasing scrutiny of social media companies’ data protection practices.
(Bernama-Anadolu)
