Instagram data leak: 17.5 million users affected
LONDON: Instagram data leak: 17.5 million users affected as security researchers have raised alarm over a suspected breach that may have exposed sensitive personal information belonging to millions of users worldwide, sparking renewed concerns over data security on major social media platforms.
According to cybersecurity firm Malwarebytes, personal data linked to approximately 17.5 million Instagram accounts may have been compromised. The reportedly exposed information includes usernames, email addresses, phone numbers, physical addresses and other sensitive details that go beyond publicly visible profile data.
The revelation has coincided with a surge in reports from Instagram users who say they have received an unusually high number of password reset emails in recent days. Security experts believe this may indicate attempts by third parties to exploit leaked data in order to gain unauthorised access to user accounts.
Malwarebytes said it identified the data during routine monitoring of the dark web, where the compromised datasets are allegedly being offered for sale. Experts warn that such information can be exploited for targeted phishing campaigns, identity theft, and account takeover attempts. The combination of usernames, email addresses and phone numbers makes it easier for cybercriminals to craft convincing and personalised attacks.
The security firm also suggested that the alleged breach could be linked to a previously reported Instagram API exposure from 2024. APIs allow applications to exchange data, but if inadequately secured, they can be abused to extract large volumes of information automatically. While no official confirmation has been made linking the earlier vulnerability to the current incident, cybersecurity specialists consider it a plausible source of the leak.
Another red flag highlighted by researchers is the spike in password reset requests received by users, suggesting that leaked personal data may already be in use. Malwarebytes warned that this could signal more extensive attacks beyond simple login attempts, including coordinated phishing operations.
Meta, Instagram’s parent company, has not yet issued an official statement regarding the reported data leak. The company has previously faced scrutiny over privacy and data protection issues, though it remains unclear whether the current incident has been acknowledged internally.
In the absence of official confirmation, cybersecurity experts have advised Instagram users to take precautionary measures. These include enabling two-factor authentication, changing passwords regularly, reviewing connected devices through the Meta Account Center, and remaining vigilant against suspicious emails or messages.
The alleged Instagram data leak underscores the ongoing risks faced by users even on well-established digital platforms. With millions of accounts potentially affected and sensitive data circulating on the dark web, the incident highlights the importance of proactive security measures and constant monitoring of online accounts.
