What happened
A large dataset containing personal information tied to approximately 17.5 million Instagram users began circulating on dark web forums, according to cybersecurity firm Malwarebytes. The exposed data reportedly includes usernames, full names, email addresses, international phone numbers, partial physical addresses, and other contact details. The dataset was allegedly posted by a threat actor on BreachForums and is believed to stem from API scraping or misconfigured public interfaces in 2024. The availability of this information has correlated with reports of users receiving legitimate Instagram password reset notifications, suggesting attempts by malicious actors to verify accounts or initiate takeovers. Meta, the parent company of Instagram, has issued no direct confirmation, but the dataset’s scale and content raise concerns about phishing, impersonation, social engineering, and account recovery abuse.
Who is affected
Instagram account holders worldwide face a heightened risk of phishing, impersonation, and account recovery abuse because their contact details are exposed. The impact is direct for users whose information appears in the leaked dataset and indirect for their connected contacts.
Why CISOs should care
The incident underscores the ongoing risk of data scraping and API misuse leading to large‑scale personal information exposure, with implications for brand reputation, user trust, phishing susceptibility, compliance obligations, and potential account takeover attacks in customer‑facing services.
3 practical actions
- Audit API and public endpoints: Review and secure all APIs and public interfaces to prevent bulk data scraping, and enforce rate limiting and access controls.
- Enhance detection of abuse signals: Monitor for unusual account recovery requests and authentication resets tied to exposed contact information.
- Communicate risks to users: Alert customers to the exposure, advise on phishing and social engineering risks, and promote robust login protections like two‑factor authentication.
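
One way to implement the second action, as an added example that is not from the original brief: flag any source that requests password resets for many distinct accounts inside a short sliding window, and record which targets are on a watchlist of exposed accounts. The log format, the `EXPOSED` watchlist, the threshold, and the function names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed reset-request events (not real data): timestamp, source IP, account.
SAMPLE_LOG = """\
2024-06-01T10:00:05 203.0.113.9 alice
2024-06-01T10:00:40 203.0.113.9 bob
2024-06-01T10:01:10 198.51.100.4 carol
2024-06-01T10:01:30 203.0.113.9 dave
2024-06-01T10:02:15 203.0.113.9 erin
2024-06-01T11:30:00 192.0.2.77 frank
2024-06-01T12:45:00 192.0.2.77 grace
2024-06-01T14:00:00 192.0.2.77 heidi
2024-06-01T15:10:00 192.0.2.77 ivan
"""

# Hypothetical watchlist: accounts whose contact details appear in a known leak.
EXPOSED = frozenset({"alice", "bob", "erin", "frank"})


def parse_events(text):
    """Return (timestamp, source_ip, account) tuples sorted by time."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        rows.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return sorted(rows)


def flag_reset_bursts(text, window=timedelta(minutes=10), threshold=4, exposed=EXPOSED):
    """Map source_ip -> accounts it requested resets for, when that source hit
    >= threshold distinct accounts inside one sliding window."""
    recent = defaultdict(deque)  # source_ip -> events still inside the window
    flagged = {}
    for ts, src, account in parse_events(text):
        q = recent[src]
        q.append((ts, account))
        while ts - q[0][0] > window:
            q.popleft()  # expire events older than the window
        distinct = {a for _, a in q}
        if len(distinct) >= threshold:
            seen = flagged.setdefault(src, {"accounts": set(), "exposed": set()})
            seen["accounts"] |= distinct
            seen["exposed"] |= distinct & exposed
    return flagged
```

On the sample, only `203.0.113.9` is flagged: `192.0.2.77` also touches four accounts, but spread over hours, so it never crosses the threshold inside one window.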
