Instagram Data Leak: 17.5M US Accounts Exposed – The Cyber News

A dataset containing information tied to roughly 17.5 million Instagram accounts has surfaced on underground forums, prompting renewed concerns over user privacy and platform security. Cybersecurity researchers say the information, first widely circulated in early January, is already being used in phishing and account takeover attempts.

According to analysis from Malwarebytes and other security firms, the exposed data includes Instagram usernames, email addresses, phone numbers, user IDs, and partial physical address information. The records reportedly appear in structured formats consistent with automated data collection, suggesting the information was gathered through large-scale scraping rather than a direct breach of Meta’s internal systems.

Researchers believe the data was harvested in late 2024, likely through abuse of public-facing APIs, country-specific data sources, and misconfigured third-party integrations. The dataset began spreading publicly between Jan. 7 and Jan. 10, after being posted on well-known hacking forums and dark web marketplaces, significantly increasing its reach among cybercriminals.

Almost immediately after the data appeared online, Instagram users across multiple regions reported a spike in password reset notifications and suspicious security alerts. Security experts say attackers are leveraging the exposed contact information to send convincing phishing emails and text messages designed to resemble legitimate Instagram or Meta communications.

“The combination of usernames, emails, phone numbers, and location data makes this especially dangerous,” researchers noted, warning that the information can be used for targeted phishing, SIM-swapping attacks, identity theft, and account takeovers.

While the incident has been widely discussed across cybersecurity circles and social media platforms, including X, Meta has not issued an official public statement addressing the exposure as of the time of writing. The lack of response has drawn criticism from security analysts, who argue that scraping-based data leaks pose risks comparable to traditional breaches.

The incident also reflects a broader pattern. Instagram and other Meta-owned platforms have faced recurring large-scale data exposures in recent years, many of which are tied to scraping and API-related weaknesses rather than direct intrusions into company servers.

Security experts are urging users to take precautions, including enabling two-factor authentication, changing passwords, and remaining cautious of unsolicited messages claiming to be from Instagram. They warn that phishing activity is likely to continue in the coming weeks as the dataset circulates further within criminal networks.

For now, researchers say the exposure serves as another reminder that even publicly accessible data, when collected at scale, can present serious privacy and security risks for users worldwide.

Latest Posts

[democracy id="16"] [wp-shopify type="products" limit="5"]