Massive Instagram data breach exposes millions of users globally

Meta is facing renewed scrutiny after a cybersecurity firm reported that personal data linked to 17.5 million Instagram users is circulating on dark web forums.

According to Malwarebytes, the exposed information includes usernames, email addresses, phone numbers, and partial addresses. 

The dataset is reportedly being shared freely on underground platforms, raising concerns about potential misuse.

Following reports of the breach, many users began receiving unsolicited password reset emails from Instagram’s official security address. 

While the messages appear legitimate and originate from an authorised domain, users say they did not request any reset, leading to widespread confusion and alarm.

Security experts believe the surge in reset emails may be linked to the leaked data. Threat actors could be using the exposed information to trigger account recovery processes or to disguise more targeted phishing attempts.

The leaked database has been attributed to a hacker known online as “Solonik.” Reports have suggested that the data may stem from an API-related exposure that occurred sometime in 2024, although the full details remain unclear.

Despite the concerns, Meta has denied that a new breach has taken place. The company said Instagram’s systems remain secure and that it is investigating reports linked to the circulating data.

However, users are being advised to enable two-factor authentication, review account activity, and remain cautious of suspicious emails.