A significant data breach has exposed the personal information of approximately 17.5 million Instagram users, leading to a sharp increase in cybercriminal activities. Cybersecurity researchers from Malwarebytes discovered the breach, which was later confirmed through listings on dark web forums where sensitive data is being traded. The leak is particularly concerning as it has prompted a wave of suspicious password reset attacks targeting users globally.
The compromised data first appeared on a notorious hacking forum, posted by an individual using the alias “Solonik.” Titled “INSTAGRAM.COM 17M GLOBAL USERS — 2024 API LEAK,” the listing claims to contain user records available in both JSON and TXT formats. According to the hacker, the data was collected in late 2024 through an “API Leak,” which allowed them to bypass security measures and scrape user profiles from across the globe.
Cybersecurity experts have indicated that the scale of this breach suggests serious deficiencies in Instagram’s security protocols. The leaked dataset contains comprehensive profiles of users, including full names, usernames, verified email addresses, phone numbers, user IDs, and partial location data. This level of detail significantly enhances the potential for targeted cyber attacks.
In the hours following the data leak, users reported a marked increase in unsolicited password reset emails. While the leaked database does not include account passwords, experts caution that the exposed email addresses and phone numbers are sufficient for criminals to mount serious attacks. Such attacks could involve SIM-swapping, impersonation of Instagram support staff, or highly targeted phishing campaigns. By leveraging personal information from the leak, scammers can build trust with victims, tricking them into divulging login credentials or two-factor authentication codes.
The incident is characterized as “scraping,” indicating that data was acquired through public-facing interfaces rather than a direct breach of Instagram’s core servers. However, the sheer volume of data indicates a significant “API Leak” that should not have occurred on this scale.
As of January 10, 2026, Meta, Instagram’s parent company, has not released a formal statement addressing the specifics of the 17.5 million-record data dump. Cybersecurity professionals are urging users to take immediate measures to secure their accounts. They recommend enabling multi-factor authentication, preferably through an authenticator app rather than SMS, which is more vulnerable to attacks. Users are also advised to disregard any unsolicited password reset emails and to refrain from clicking on links unless they initiated the request themselves.
The timing of the password reset surge closely correlates with the appearance of the 17.5 million-user database on BreachForums. Reports indicate that legitimate-looking emails claiming to initiate a password reset are being sent out, preying on users’ panic. Davey Winder, a senior contributor to Forbes and a cybersecurity expert, confirmed that he received one such email, which prompted him to alert others about the ongoing threat.
Instagram has clarified that the mere receipt of a password reset email does not indicate an account breach. Such emails can be triggered by user error, such as mistyped email addresses during login attempts. According to Instagram’s Help Center, legitimate emails originate from addresses ending in @mail.instagram.com, and those from other domains should be treated as potential phishing attempts.
To bolster account security, Instagram recommends activating two-factor authentication, which requires a security code when logging in from an unrecognized device. This feature is automatically enabled for creator accounts, but all users are encouraged to verify its status. Should users suspect their accounts have been compromised, Instagram has a dedicated recovery process available at instagram.com/hacked.
Security specialists advise users to secure their email accounts with unique passwords distinct from their social media logins. This precaution helps prevent hackers from accessing multiple platforms if one account is breached. With over two billion monthly active users, Instagram is an attractive target for cybercriminals. Large-scale data leaks like this simplify the execution of account takeover attacks by providing hackers with a ready-made list of potential victims.
In conclusion, experts emphasize the importance of vigilance in the wake of this breach. Users should remain cautious and take prompt action to secure their accounts, as the implications of this data leak continue to unfold. The implementation of two-factor authentication is highlighted as a crucial safeguard, offering significant protection against unauthorized access.
