Instagram data breach exposes 17 million accounts worldwide

• Data of 17.5 million Instagram users reportedly exposed, including usernames, addresses, phone numbers, and emails.
• Experts warn the information could be abused for phishing or account takeovers; Meta has not commented.

A major data breach has reportedly exposed sensitive information of 17.5 million Instagram users, according to cybersecurity firm Malwarebytes. The leaked data includes usernames, physical addresses, phone numbers, email addresses, and other personal information.

Read more: QAIA records nearly 9 million passengers in 2025

Malwarebytes said the breach was discovered during routine dark web monitoring and appears linked to a potential Instagram API exposure dating back to 2024. The company warned that the information is now for sale on the dark web and could be exploited by cybercriminals.

Users report suspicious activity

Following the breach, many Instagram users have received emails prompting them to reset their passwords. Malwarebytes cautioned that the leaked data could enable more serious cyberattacks, including phishing campaigns and account takeovers.

Read more: ‘Israel’ seizes $40 million from Palestinian tax funds

The cybersecurity firm recommended that affected users enable two-factor authentication, change passwords, and review devices logged into their accounts through Meta’s Accounts Center.

Meta remains silent

Meta, Instagram’s parent company, has not issued a public statement regarding the latest incident. The social media giant has faced previous scrutiny over data breaches and privacy issues, raising concerns about recurring vulnerabilities in its platforms.

Cybersecurity experts advise all Instagram users to remain vigilant, avoid clicking suspicious links, and regularly monitor account activity to prevent unauthorized access.