Instagram Data Leak big  Exposes Sensitive Info of 17.5M Accounts

significant security breach has compromised approximately 17.5 million Instagram user accounts, exposing sensitive personal information that is now circulating on the dark web.

The incident reported earlier this week by cybersecurity firm Malwarebytes raised urgent concerns about user privacy and account security.

Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more. pic.twitter.com/LXvjjQ5VXL

— Malwarebytes (@Malwarebytes) January 9, 2026

What Data Was Exposed

The breach encompasses a wide range of personal information that could put affected users at serious risk. Compromised data includes usernames, email addresses, phone numbers, and physical addresses.

This combination of information makes users particularly vulnerable to identity theft, phishing, and social engineering.

Malwarebytes has confirmed that the stolen database is actively being traded on dark web marketplaces, making it accessible to cybercriminals worldwide.

The availability of this data has already led to real-world consequences, with multiple users reporting receiving legitimate Instagram password reset notifications, a clear indication that threat actors are attempting to hijack accounts using the leaked information.

Exposing email addresses and phone numbers linked to Instagram accounts creates opportunities for targeted phishing campaigns.

Instagram screenshots reveal a dark web listing for a massive 17.5 million Instagram user data leak from late 2024, featuring usernames, emails, phones, and partial locations scraped worldwide. This aligns with Malwarebytes’ recent alert about active exploitation, including password reset attempts on affected accounts.