Oof, This Is Bad: Nearly 17.5 Million Instagram Accounts Just Got Leaked
So yeah, this is pretty alarming. A cybersecurity company called Malwarebytes just found a massive data dump floating around online—and it’s got info from almost 17.5 million Instagram users. The data’s already making the rounds on hacker forums and the dark web, which means scammers now have everything they need to mess with people.
What Got Leaked?
The database includes stuff like usernames, full names, emails, phone numbers, and even some partial addresses. Good news? No passwords were leaked. Bad news? Hackers don’t really need them to cause serious problems.
Malwarebytes says this kind of info is basically a goldmine for:
- Phishing scams and fake accounts
- Sketchy password reset tricks
- SIM-swapping attacks (where they hijack your phone number)
- Stealing your account through Instagram’s recovery system
Where Did This Come From?
Looks like it traces back to some Instagram API issue from 2024. Earlier this month, someone using the username “Solonik” posted the entire dataset on a hacking forum called BreachForums, claiming it contained over 17 million records.
The way the data’s formatted makes it look like it was either scraped automatically or pulled through some badly secured API endpoint. Instagram (or Meta, technically) hasn’t said anything about it yet.
People Are Getting Weird Emails
A bunch of Instagram users have been reporting random password reset emails lately. Some might be legit, but Malwarebytes is warning that a lot of them could be part of scam attempts using the leaked contact info.
Even without your password, attackers can try hijacking your account using just your email or phone number through Instagram’s recovery tools. Yikes.
What You Should Do Right Now
Here’s what security experts are saying:
- Change your Instagram password (like, now)
- Turn on two-factor authentication using an app, not SMS
- Don’t click links in sketchy emails or DMs
- Keep an eye on your account for anything weird
Malwarebytes also put out a free tool called Digital Footprint Scan where you can check if your email showed up in the leak.
Bottom line: if you’re getting random password reset emails you didn’t ask for, don’t just ignore them. That could be someone trying to break into your account.
