This week, it was discovered that Instagram’s platform suffered one of the largest data leaks in its history. A database containing approximately 17.5 million accounts has been circulated on the dark web.
The leaked data contains highly sensitive information, including email addresses, phone numbers, full usernames, and in some cases, even physical addresses.
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more. pic.twitter.com/LXvjjQ5VXL
— Malwarebytes (@Malwarebytes) January 9, 2026
How did the breach happen?
Contrary to popular belief, Instagram’s servers were not directly hacked in this incident. The most likely reason, according to initial analyses from cybersecurity companies like Malwarebytes and Cybernews, is that the breach occurred through the aggregation of old data from previous leaks, combined with the exploitation of vulnerabilities in third-party applications and services linked to Instagram accounts (such as automated posting tools, follower analysis services, or account management software).
After collecting this data, it was prepared, organized, and effectively linked to Instagram accounts, producing a “fresh” and extremely dangerous database from the hackers’ perspective.
The real risks you face now
- Phishing password reset attacks
Thousands of users have started receiving emails and notifications that appear to be from Instagram stating: “A password reset has been requested.” These are mostly sophisticated phishing attempts.
- Faster account theft
Once the attacker knows your email and phone number, it becomes very easy to bypass two-factor authentication if it relies solely on text messages (SIM swapping).
- Extortion and harassment
If the account contains personal photos or family information, criminals may use them for extortion or to harass the victims.
- Attacks on other accounts
Most people use the same email or phone number across multiple services (Gmail, Facebook, TikTok, banks…). One leak opens the door to a series of breaches.
What to do now? (Immediate practical steps)
| Step | Priority | Time required | Expected impact |
|---|---|---|---|
| Activate two-factor authentication (Authenticator app) | ★★★★★ | 3 minutes | Reduces risk by 95–99% |
| Change your password to a strong, completely new one | ★★★★ | 2 minutes | Essential if it’s weak or repeated |
| Remove all suspicious connected apps | ★★★ | 5–10 minutes | Cuts off backdoor access |
| Check if your data has been leaked (Have I Been Pwned) | ★★★ | 2 minutes | Gives you a clearer picture |
| Use different passwords for each account (Password manager) | ★★★★ | Long-term investment | Optimal strategic solution |



