Massive Instagram Data Leak Sparks Global Security Concerns
Cybersecurity specialists are warning of a serious data leak that appears to have affected around 17.5 million Instagram accounts, following a sudden surge of password reset emails sent to users worldwide.
Reports from researchers indicate that exposed information allegedly includes usernames, full names, email addresses, phone numbers, some physical addresses and several other contact details.
Details of the breach surfaced when Malwarebytes disclosed the issue on X, cautioning that the stolen data may already be circulating among cybercriminal networks.
Experts note that no passwords seem to have been released, yet the type of information exposed can still enable identity theft or financial fraud if exploited.
CyberInsider revealed that the breach appears to trace back to 2024, when a hacker exploited an Instagram API vulnerability to bypass security safeguards and extract sensitive user records.
BreachForums later hosted the leaked dataset after a threat actor using the alias Solonnik uploaded more than 17 million records and made them freely available.
Meta has not issued any official confirmation, even as thousands of users continue reporting repeated password reset emails in recent days.
Security analysts warn that many of these emails may be fraudulent attempts designed to mimic legitimate alerts and pressure recipients into clicking embedded Reset Password buttons.
Typical messages resemble authentic Instagram notifications and claim that a password reset request has been submitted for the recipient's account.
The emails often include a prominent blue Reset Password button along with text stating If you ignore this message, your password will not be changed and If you didnt request a password reset, let us know.
Cybercrime experts believe scammers are deliberately exploiting user anxiety, hoping individuals will click without verifying whether the message is genuine.
