Massive Instagram Data Breach Exposes 17.5 Million Users’ Personal Information
A significant data breach has exposed the personal details of approximately 17.5 million Instagram users, with the compromised dataset now circulating on dark web forums. The leak, first identified by cybersecurity researchers at Malwarebytes, was posted by a threat actor under the alias “Solonik” earlier this week. The listing, titled “INSTAGRAM.COM 17M GLOBAL USERS 2024 API LEAK,” claims the data was harvested in late 2024 through an API vulnerability, allowing automated scraping of user profiles worldwide.
The breach is particularly severe due to the depth of exposed information, which includes full names, usernames, verified email addresses, phone numbers, user IDs, and partial location data. Unlike previous leaks limited to usernames, this dataset enables cybercriminals to construct detailed profiles for targeted attacks. Screenshots of the data confirm its authenticity, showing structured records that facilitate identity theft and phishing campaigns.
The incident has already led to active exploitation, with affected users reporting a surge in unsolicited password reset notifications. While passwords were not included in the leak, the combination of emails and phone numbers enables SIM-swapping attacks and sophisticated social engineering. Attackers can impersonate Instagram support or use exposed details to manipulate victims into revealing two-factor authentication (2FA) codes or login credentials.
The breach is classified as a scraping incident exploiting public API endpoints rather than a direct server intrusion. However, the scale suggests a failure in rate-limiting or privacy controls, allowing threat actors to extract millions of records undetected. As of January 10, 2026, Meta has not issued a public statement addressing the 17.5 million-record dump. The incident underscores the risks of API-based data exposure and the need for enhanced security measures to prevent automated harvesting of user information.
Source: https://cyberpress.org/instagram-data-leak/
Instagram cybersecurity rating report: https://www.rankiteo.com/company/instagram
{
  "id": "INS1769168216",
  "linkid": "instagram",
  "type": "Breach",
  "date": "6/2024",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '17.5 million users',
                        'industry': 'Technology/Social Media',
                        'location': 'Global',
                        'name': 'Instagram',
                        'size': 'Large',
                        'type': 'Social Media Platform'}],
 'attack_vector': 'API Vulnerability Exploitation',
 'data_breach': {'data_encryption': 'No',
                 'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '17.5 million',
                 'personally_identifiable_information': 'Full names, '
                                                        'usernames, verified '
                                                        'email addresses, '
                                                        'phone numbers, user '
                                                        'IDs, partial location '
                                                        'data',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personal Identifiable '
                                             'Information (PII)'},
 'date_detected': '2026-01-10',
 'date_publicly_disclosed': '2026-01-10',
 'description': 'A significant data breach has exposed the personal details of '
                'approximately 17.5 million Instagram users, with the '
                'compromised dataset now circulating on dark web forums. The '
                'leak was first identified by cybersecurity researchers at '
                'Malwarebytes and was posted by a threat actor under the alias '
                "'Solonik'. The dataset includes full names, usernames, "
                'verified email addresses, phone numbers, user IDs, and '
                'partial location data, enabling cybercriminals to construct '
                'detailed profiles for targeted attacks.',
 'impact': {'brand_reputation_impact': 'High',
            'customer_complaints': 'Surge in unsolicited password reset '
                                   'notifications',
            'data_compromised': 'Full names, usernames, verified email '
                                'addresses, phone numbers, user IDs, partial '
                                'location data',
            'identity_theft_risk': 'High',
            'systems_affected': 'Instagram API endpoints'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
                           'entry_point': 'API vulnerability',
                           'reconnaissance_period': 'Late 2024'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident underscores the risks of API-based data '
                    'exposure and the need for enhanced security measures to '
                    'prevent automated harvesting of user information.',
 'motivation': 'Data Exfiltration for Dark Web Sale',
 'post_incident_analysis': {'root_causes': 'Failure in rate-limiting or '
                                           'privacy controls for API '
                                           'endpoints'},
 'references': [{'date_accessed': '2026-01-10', 'source': 'Malwarebytes'}],
 'threat_actor': 'Solonik',
 'title': 'Massive Instagram Data Breach Exposes 17.5 Million Users’ Personal '
          'Information',
 'type': 'Data Breach',
 'vulnerability_exploited': 'API scraping via automated harvesting of user '
                            'profiles'}