The personal data of at least 17.5 million users of the Instagram platform has reportedly been shared on the dark web, raising serious concerns about user privacy and the platform’s security, reports Anadolu.

According to a report by ‘Daily Mail’, cyber security company ‘Malwarebytes’ said that the leaked data includes users’ full names, emails, phone numbers, partial physical addresses and other contact information.

Although passwords are not included, experts warn that the compromised data could be used for identity theft or financial fraud.

According to cybersecurity publication ‘CyberInsider’, the breach was first traced to a 2024 vulnerability in Instagram’s API.

Hackers reportedly bypassed the company’s standard Meta defenses and collected sensitive data before a threat actor identified as “Solonnik” published the data on BreachForum’s earlier this week, offering the dataset for free.

“Such a large data leak significantly increases the risk of phishing campaigns and targeted fraud,” experts told Malwarebytes.

After the breach, users from several regions reported receiving an unusual number of password reset emails, raising fears that compromised.

U.S. company Meta, which owns Instagram, has yet to issue a public statement confirming the breach until early January.

Instagram’s official help pages note that receiving a password reset email does not necessarily mean an account has been hacked, but cybersecurity analysts advise users to exercise caution.

The data leak reportedly affects Instagram accounts in worldwide and include both personal and influencer accounts.

The incident comes at a time when social networking companies are under increasing scrutiny for their data protection practices.

Source: prizrenpost