Massive data breach impacts 17.5 million Instagram accounts
Massive data breach impacts 17.5 million Instagram accounts
https://nottinghammd.com/2026/01/10/massive-data-breach-impacts-17-5-million-instagram-accounts/
Publish Date: 2026-01-10 16:06:00
Source Domain: nottinghammd.com
Using an unordered list, summarize the following article with between 4 and 8 key points. BALTIMORE, MD—Meta is currently navigating a significant security crisis following reports that 17.5 million Instagram accounts have been compromised. The breach was identified and confirmed by cybersecurity firm Malwarebytes, which discovered a massive dataset belonging to global users being circulated on illicit dark web forums.The leaked information includes a variety of sensitive details, such as account usernames, full names, email addresses, and phone numbers. In some instances, the records also contain partial physical addresses. According to security researchers, the data appears to have been harvested through a vulnerability in an Application Programming Interface (API) dating back to 2024.The incident gained public attention after a threat actor using the alias Solonik posted the records on BreachForums earlier this week. Experts who have analyzed the data notes that its structured format suggests it was pulled directly from Instagram’s systems or through an insecure endpoint that allowed for large-scale data scraping.In the days following the leak, millions of users reported receiving authentic password reset emails from the official [email protected] domain. While these emails are legitimate communications from Instagram, the recipients did not initiate the requests. Security analysts believe hackers are using the exposed email addresses to trigger these recovery flows, either to attempt account takeovers or to create a “smoke screen” for more targeted phishing campaigns.The influx of unsolicited emails has caused widespread alarm, leaving many users unsure if they are witnessing a technical glitch or a coordinated attack. Researchers warn that by flooding users with real system notifications, attackers may hope to fatigue victims into eventually clicking a malicious link or providing further credentials through a fake login page.Meta has yet to release an official statement or acknowledgment regarding the 17.5 million compromised accounts. In the absence of a corporate response, cybersecurity professionals are advising all Instagram users to enable two-factor authentication and remain vigilant against any suspicious messages, even those appearing to come from official sources.Please follow and like us:
