Millions of Instagram users have had their personal details leaked, as those affected have reported a deluge of password reset emails, cyber experts have warned.
Around 17.5million accounts were targeted in the data breach, with sensitive data released onto the dark web including user names, full names, email addresses, phone numbers, partial physical addresses and other contact details.
The breach was revealed on X by security firm Malwarebytes on Saturday, which warned that the leaked data has likely been shared with cyber criminals.
Personal data that falls into the wrong hands can potentially be used to commit identity and financial fraud.
According to tech publication CyberInsider, the data was first stolen during an Instagram API leak in 2024.
Then a threat actor named ‘Solonnik’ published the dataset on BreachForums on Wednesday, offering it for free.
According to the poster, the dataset comprised more than 17million records.
Meta, the parent company of Instagram, has yet to confirm the breach.
Millions of Instagram users have had their personal details leaked, as those affected have reported a deluge of password reset emails, cyber experts have warned
The breach was revealed on X by security firm Malwarebytes on Saturday, which warned that the leaked data has likely been shared with cyber criminals
However thousands of people have reported receiving multiple password reset request emails over the last few days., The Verve reported.
Experts say that while the emails look legitimate, they are most likely to have been sent by a scammer and advise people not to click any of the links.
For anyone concerned they may have been affected, visit HaveIBeenPwned.com or malwarebytes.com, which can check if an email address has been compromised on Instagram and other websites.
Malwarebytes also advises people to change their passwords and enable two-factor authentication (2FA) for enhanced security.
Daily Mail has contacted Meta for comment.
