Ammon News - A data breach affecting around 17.5 million Instagram accounts has been reported by cybersecurity firm Malwarebytes. The leaked data is already being shared freely on hacker forums and the dark web, putting millions of users at risk.

Malwarebytes said it found the data during routine dark web monitoring. The leaked information includes usernames, full names, email addresses, phone numbers, partial physical addresses, and other contact details.

Malwarebytes warned that the scale of the exposed data significantly increases the risk of abuse. Attackers are likely to exploit this information in impersonation attacks, phishing campaigns, and credential harvesting attempts, especially by leveraging Instagram's password reset mechanism to gain access to user accounts, the firm cautioned.

Source Of The Leak
The data is believed to come from an Instagram API leak in 2024. On January 7, a threat actor named “Solonik” posted the dataset on BreachForums, offering it for free. The post claimed to contain over 17 million Instagram user records in JSON and TXT formats, affecting users worldwide. Sample data shared online includes usernames, emails, phone numbers, user IDs, and profile metadata, which supports Malwarebytes' findings.

The leaked records appear to be structured like API responses, suggesting the data may have been collected through scraping, an exposed API endpoint, or a misconfigured system. The exact source of the leak is still unclear.

What Meta Said
Meta, Instagram's parent company, has not confirmed or reacted to the breach.