Millions of Instagram accounts are facing increased risk after a notable data breach exposed personal information on dark web forums. The compromised data, impacting roughly 17.5 million users, includes usernames, emails, phone numbers, and partial addresses [[1]]. Cybersecurity experts warn this leak could fuel targeted phishing schemes and account takeovers, particularly as Meta, Instagram’s parent company, has yet to officially address the scope of the incident [[3]].
A database containing personal information from millions of Instagram users has surfaced on dark web forums frequented by cybercriminals. The breach impacts approximately 17.5 million accounts and underscores the ongoing risks to user data on social media platforms.
The data, detected by cybersecurity firm Malwarebytes, includes sensitive details associated with Meta’s social network, such as usernames, email addresses, phone numbers, partial home addresses, and other contact information. While passwords were not exposed in the leak, the compromised data significantly lowers the barrier for sophisticated social engineering attacks.
Usernames, email addresses and phone numbers associated with profiles on the social network were exposed on the dark web. (Photo: Adobe Stock)
Cybercriminals can leverage this information for targeted phishing campaigns, impersonation attempts, and account takeovers. The leaked data also facilitates strategies to exploit Instagram’s account recovery mechanisms through deceptive messages or emails mimicking official notifications. This incident highlights the increasing sophistication of attackers and the challenges platforms face in protecting user information.
Some users have already reported receiving password change notifications, which may be legitimate or part of malicious activity. The dataset was initially published on January 7, 2026, on the BreachForums forum by an actor using the alias “Solonik,” who offered it for free as a compilation of over 17 million records linked to users worldwide. The files, in JSON and TXT formats, exhibit typical API response structures with organized fields and normalized values.
The discovery of this data package reinforces the hypothesis that the exposed data stems from a previous breach associated with the Instagram API, which occurred in 2024. While the exact method of obtaining the data remains unconfirmed, Malwarebytes specialists haven’t ruled out vulnerabilities in insecure endpoints, failures in external integrations, or incorrect configurations that may have allowed for the mass collection of data prior to 2025.
Meta, Instagram’s parent company, has yet to issue an official confirmation of the incident. There have been no public statements on its security pages or formal responses to inquiries from specialized media, leaving uncertainty about the full scope of the problem and the measures taken.
In light of this situation, it is advisable to take certain precautions. Messages requesting identity verification, personal data confirmation, or password resets should be carefully analyzed, even if they appear to originate from Instagram. Users should change their Instagram password, avoid reusing credentials across different services, and enable two-factor authentication. These are basic, but effective, steps.
This breach follows a recent mass data leak impacting Argentinian users, highlighting a broader trend of data breaches affecting users across Latin America. Another recent data breach exposed over 1TB of data on Argentinian citizens.
Users concerned about their account security should also review best practices for password security and consider using a password manager to generate and store strong, unique passwords.