A data breach may have impacted up to 17.5 million Instagram accounts, revealing sensitive data including usernames, physical addresses, phone numbers, and email addresses.
This type of data can be used by hackers to gain access to users’ accounts. Cybersecurity firm Malwarebytes, which first reported the breach, advised users to change their passwords in the wake of the breach or enable two-factor authentication (2FA).
This Tweet is currently unavailable. It might be loading or has been removed.
In a post on X, the firm highlighted how some Instagram users appear to be receiving fake password reset emails—a common technique used in phishing scams. Meanwhile, several Reddit users have also posted screenshots of unprompted password reset requests in recent days.
CyberInsider, a cybersecurity outlet, said the stolen data appears to stem from an Instagram API leak that occurred in 2024. On January 7, 2026, a user with the alias “Solonik” published what appeared to be the stolen data on a message board dedicated to sharing personal information collected from data breaches, offering it free of charge. However, an official link between the two datasets has not been established.
CyberInsider’s analysis didn’t point to a clear reason for the leak, but said the data contained “entries with structured JSON fields typical of API responses,” though it didn’t rule out other causes.
Recommended by Our Editors
(Credit: CyberInsider)
Instagram’s parent company, Meta, has yet to confirm the breach or its origin. If the reports are true, this won’t be the first time Instagram has had to contend with fallout from data breaches. It was hit with a €17 fine (roughly $18 million) from the Irish regulator in 2022, over a series of 12 data breach notifications, as Engadget points out.
To enable two-factor authentication on Instagram, head to Profile > Menu > Accounts Center > Password and security, then select two-factor authentication. You’ll then need to add your chosen security method, for example, an authentication app like Microsoft or Google Authenticator, or simple SMS text setup.
Get Our Best Stories!
Your Daily Dose of Our Top Tech News
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy
Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Our Expert
Experience
I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.
I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.
Read Full Bio
