Instagram Data Leak Claims Reignite Concerns Over Old and New Security Incidents
A recent claim by a hacker known as Solonik has sparked confusion and scrutiny around a purported 2024 Instagram data leak affecting over 17 million users. On January 7, Solonik posted on a clear web hacking forum, asserting possession of sensitive user data including usernames, physical addresses, phone numbers, and email addresses. Cybersecurity firm Malwarebytes amplified the claim on X (formerly Twitter), warning of a potential breach.
However, investigations revealed the dataset was not new. A separate forum member had shared the same information in 2023, describing it as scraped Instagram data of unknown origin. Solonik’s sample data matched records from nearly three years prior, suggesting the hacker was repackaging old information a common tactic among cybercriminals.
The situation grew more complex when Instagram users reported receiving unsolicited password reset emails. While Meta denied a breach, the company acknowledged an issue allowing an external party to trigger password reset requests. A spokesperson stated, “We fixed an issue that allowed an external party to request password reset emails for some Instagram users… There was no breach of our systems, and people’s Instagram accounts remain secure.”
Despite Meta’s reassurances, the incident highlights lingering risks. The dataset, now added to Have I Been Pwned (HIBP), contains 17 million records 6.2 million with email addresses and some with phone numbers originally scraped via an Instagram API in January 2023. While no new breach occurred, the exposure of older data still poses phishing and scamming risks for affected users.
Source: https://www.cyberdaily.au/security/13069-meta-denies-instagram-breach-impacting-17m-accounts
Instagram cybersecurity rating report: https://www.rankiteo.com/company/instagram
"id": "INS1768202435",
"linkid": "instagram",
"type": "Breach",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '17 million users',
'industry': 'Technology/Social Media',
'location': 'Global',
'name': 'Instagram (Meta)',
'size': 'Large (billions of users)',
'type': 'Social Media Platform'}],
'attack_vector': 'API Exploitation',
'customer_advisories': 'Users should monitor for phishing attempts and enable '
'multi-factor authentication.',
'data_breach': {'number_of_records_exposed': '17 million',
'personally_identifiable_information': 'Yes (email addresses, '
'phone numbers, '
'physical addresses)',
'sensitivity_of_data': 'Medium to High (PII exposed)',
'type_of_data_compromised': 'Public profile information, PII '
'(email addresses, phone numbers, '
'physical addresses, geolocation '
'data)'},
'date_detected': '2024-01-07',
'date_publicly_disclosed': '2024-01-07',
'description': 'A hacker claimed to have access to a 2024 data leak impacting '
'over 17 million Instagram users, later revealed to be a '
'repackaged dataset from 2023. The incident was amplified by '
'cybersecurity firm Malwarebytes, and Instagram users reported '
'receiving unsolicited password reset requests. Instagram '
'denied a breach but acknowledged an issue allowing external '
'parties to request password reset emails.',
'impact': {'brand_reputation_impact': 'Negative publicity, user distrust',
'customer_complaints': 'Users reported unsolicited password reset '
'emails',
'data_compromised': 'Usernames, physical addresses, phone numbers, '
'email addresses, display names, account IDs, '
'geolocation data',
'identity_theft_risk': 'High (PII exposed)',
'operational_impact': 'Unauthorized password reset requests, '
'potential phishing risks',
'systems_affected': 'Instagram API, password reset system'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential (data '
'repackaged for sale)',
'entry_point': 'Instagram API'},
'investigation_status': 'Ongoing (data origin unclear, potential API misuse)',
'lessons_learned': 'Older datasets can still pose risks; API security must be '
'continuously monitored; threat actors often repurpose old '
'data for new claims.',
'motivation': 'Financial gain (potential sale of data on dark web)',
'post_incident_analysis': {'corrective_actions': 'API security audit, user '
'advisories, password reset '
'system fixes',
'root_causes': 'API misconfiguration allowing '
'unauthorized access; potential '
'scraping of public data'},
'recommendations': 'Users should update passwords, enable multi-factor '
'authentication, and remain vigilant against phishing '
'attempts. Companies should audit API security and monitor '
'for unauthorized access.',
'references': [{'date_accessed': '2024-01-07', 'source': 'Malwarebytes'},
{'date_accessed': '2024-01-11',
'source': 'Have I Been Pwned (HIBP)'},
{'date_accessed': '2024-01-07',
'source': 'Instagram (Meta) Statement'}],
'response': {'communication_strategy': 'Public statement denying breach but '
'acknowledging password reset issue',
'containment_measures': 'Instagram fixed the API issue allowing '
'password reset requests',
'remediation_measures': 'Users advised to update passwords and '
'watch for phishing attempts',
'third_party_assistance': 'Malwarebytes (cybersecurity firm)'},
'stakeholder_advisories': 'Instagram users advised to disregard unsolicited '
'password reset emails and update passwords.',
'threat_actor': 'Solonik (hacker alias)',
'title': 'Alleged Instagram Data Leak of 17 Million Users',
'type': 'Data Scraping',
'vulnerability_exploited': 'Instagram API misconfiguration'}