17.5mln Instagram accounts allegedly compromised, data circulating on dark web

Cyber Security News, an independent news platform which covers all the happenings in the cyber world, on Saturday reported a major data breach had allegedly exposed information linked to approximately 17.5 million Instagram user accounts, with the data now circulating on dark web marketplaces.

The news platform, citing findings by cybersecurity firm Malwarebytes, has raised concerns about user privacy and account security.

According to Malwarebytes, the compromised data includes usernames, email addresses, phone numbers and partial physical locations, creating risks of identity theft, phishing and social engineering attacks. The stolen database is reportedly being traded online, making it accessible to cybercriminals worldwide.

The breach has already had effects, with multiple users reporting receiving legitimate Instagram password reset notifications, suggesting attempts to hijack accounts using the leaked information. Experts warn that exposed contact details can be exploited to craft highly convincing phishing messages appearing to originate from Instagram or its parent company, Meta.

Dark web listings attributed to a seller identified as “Subkek” claim the data was scraped in late 2024 using public APIs and country-specific sources. Screenshots of the listings show sample records containing usernames, full email addresses, phone numbers and partial location data.

Users are advised to enable two-factor authentication, change passwords, monitor login activity and remain alert to suspicious messages. Instagram and Meta have not yet issued an official statement, while cybersecurity experts continue to investigate the source and scope of the breach.