Instagram: Meta denies Instagram breach impacting 17m accounts

Instagram Data Leak Claims Reignite Concerns Over Old Breach and New Security Incident

A recent claim by a hacker known as Solonik sparked fresh alarm over a purported 2024 Instagram data leak affecting 17 million users. The hacker posted the alleged dataset on a clear web hacking forum on 7 January, asserting it contained sensitive information including usernames, physical addresses, phone numbers, and email addresses. Cybersecurity firm Malwarebytes amplified the claim on X (formerly Twitter), suggesting the breach was both new and severe.

However, investigations revealed the dataset was not new. A separate forum member had shared an identical dataset in 2023, describing it as a scrape of Instagram’s data, though its origin remained unclear. The sample data provided by Solonik matched records from nearly three years prior, indicating the hacker had merely repackaged old information, a common tactic among cybercriminals.

The situation grew more complex when Instagram users reported receiving unsolicited password reset emails, leading some observers to speculate a link between the two incidents. Meta, Instagram’s parent company, swiftly denied a breach but acknowledged a separate security issue. A spokesperson stated that the company had “fixed an issue that allowed an external party to request password reset emails for some users”, emphasizing that “no breach of [Meta’s] systems occurred” and that accounts remained secure. Users were advised to disregard the emails.

While the 17-million-record dataset was confirmed to be old, dating back to January 2021 and later added to Have I Been Pwned’s (HIBP) database, its contents still pose risks. The data includes usernames, display names, account IDs, and in some cases, geolocation, email addresses (6.2 million records), and phone numbers, all of which could be exploited for phishing or social engineering attacks.

The incident highlights the persistent threat of repackaged breach data and the challenges in verifying hacker claims, even as Meta works to contain unrelated security vulnerabilities.

Source: https://www.cybersecurityconnect.com.au/security/13069-meta-denies-instagram-breach-impacting-17m-accounts

Instagram cybersecurity rating report: https://www.rankiteo.com/company/instagram

"id": "INS1768202882",
"linkid": "instagram",
"type": "Breach",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '17 million users (alleged)',
                        'industry': 'Technology / Social Media',
                        'location': 'Global',
                        'name': 'Instagram (Meta)',
                        'size': 'Large (billions of users)',
                        'type': 'Social Media Platform'}],
 'attack_vector': 'API Scraping (alleged)',
 'customer_advisories': 'Users should update passwords, enable MFA, and watch '
                        'for phishing attempts.',
 'data_breach': {'number_of_records_exposed': '17 million (6.2 million with '
                                              'email addresses)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (Personally Identifiable '
                                        'Information - PII)',
                 'type_of_data_compromised': ['Usernames',
                                              'Email addresses',
                                              'Phone numbers',
                                              'Physical addresses',
                                              'Display names',
                                              'Account IDs',
                                              'Geolocation data']},
 'date_detected': '2024-01-07',
 'date_publicly_disclosed': '2024-01-07',
 'description': 'A hacker claimed to have access to a 2024 data leak impacting '
                'over 17 million Instagram users, later revealed to be a '
                'repackaged dataset from 2023. The incident was amplified by '
                'cybersecurity firm Malwarebytes, and Instagram denied any '
                'breach but acknowledged an issue allowing unauthorized '
                'password reset requests.',
 'impact': {'brand_reputation_impact': 'Negative publicity, user confusion, '
                                       'and distrust',
            'customer_complaints': 'Users reported receiving unsolicited '
                                   'password reset emails',
            'data_compromised': 'Usernames, physical addresses, phone numbers, '
                                'email addresses, display names, account IDs, '
                                'geolocation data',
            'identity_theft_risk': 'High (due to exposure of PII)',
            'operational_impact': 'Unauthorized password reset requests sent '
                                  'to users',
            'systems_affected': 'Instagram platform (alleged unauthorized '
                                'access to password reset system)'},
 'investigation_status': 'Ongoing (alleged repackaged dataset; unauthorized '
                         'access to password reset system confirmed)',
 'lessons_learned': 'Older datasets can still pose risks; users should remain '
                    'vigilant against phishing and update passwords regularly. '
                    'Organizations should verify breach claims before '
                    'amplifying them.',
 'motivation': 'Financial gain / Reputation among cybercriminals',
 'post_incident_analysis': {'corrective_actions': 'Fixed password reset issue; '
                                                  'advised users to update '
                                                  'passwords and monitor for '
                                                  'phishing.',
                            'root_causes': 'Alleged API scraping; unauthorized '
                                           'access to password reset system '
                                           '(exact cause unclear).'},
 'recommendations': ['Update passwords and enable multi-factor authentication '
                     '(MFA).',
                     'Monitor for phishing attempts targeting exposed PII.',
                     'Verify breach claims before public disclosure to avoid '
                     'misinformation.',
                     'Implement stricter API access controls to prevent '
                     'scraping.'],
 'references': [{'date_accessed': '2024-01-11', 'source': 'Cyber Daily'},
                {'date_accessed': '2024-01-07',
                 'source': 'Malwarebytes (X/Twitter)'},
                {'date_accessed': '2024-01-11',
                 'source': 'Have I Been Pwned (HIBP)'}],
 'response': {'communication_strategy': 'Public statement denying breach but '
                                        'acknowledging password reset issue',
              'containment_measures': 'Instagram acknowledged and fixed the '
                                      'password reset issue',
              'remediation_measures': 'Users advised to update passwords and '
                                      'watch for phishing attempts'},
 'stakeholder_advisories': 'Meta/Instagram advised users to disregard password '
                           'reset emails and update passwords.',
 'threat_actor': 'Solonik (hacker alias)',
 'title': 'Alleged Instagram Data Leak of 17 Million Users',
 'type': 'Data Scrape / Alleged Breach',
 'vulnerability_exploited': 'Instagram API (alleged)'}