Massive Instagram Data Leak Made an Uproar Among 17.5 Million Users: Dark Web Strikes -

Post Views: 27

“A huge uproar has been raised over 17.5 Millions Users who have been exposed to a massive Instagram Data Leak.”

A startling 17.5 million Instagram accounts have been hijacked, and private information such as addresses, phone numbers, and emails is now openly shared on dark web forums.

The breach was initially discovered by cybersecurity company Malwarebytes and was connected to a hacker by the name of “Solonik,” who shared the information on BreachForums on January 7, 2026.

In the face of growing cyberthreats, Meta stays mute, leaving users open to phishing, identity theft, and account takeovers.

Data Exposure and Breach Discovery

During routine dark web scans, Malwarebytes discovered the leak, which included structured JSON and TXT files from a potential 2024 Instagram API endpoint disclosure. Important personal information about 17.5 million users is included in the dataset:

Usernames and full names
Email addresses
International phone numbers
Partial physical addresses
User IDs and contact information

This treasure, which is freely shared, gives hackers the ability to execute focused attacks, and victims are already experiencing early warning signals of password reset spam.

How Did the Cybercriminals Fail?

The compromise, which was discovered in 2024 and made public this week, most likely resulted from a third-party service or Instagram API vulnerability. On forums, “Solonik” bragged about how new the data was, which encouraged a surge of exploitation. This aligns with a trend of API misuse observed in previous Meta events, where millions of people were exposed due to inadequate endpoint protection.

Instagram Users’ Current Risks

In today’s threat landscape, exposed data increases risks:

Phishing Onslaughts: False SMS or Instagram/Meta emails are used to fool logins.
Account Hijacking: Impersonation for social engineering with authentic details.
Credential Reuse Attacks: If a password is copied elsewhere, it is stolen.
Identity Theft: Physical scams and doxxing are made possible by addresses.

Users report unusual activities, highlighting the urgency as hackers quickly use this information as a weapon.

Outrage Is Sparked by Meta’s Silence

Despite expert outreach, Meta has not released a statement, update, or mitigating guidance. There have been no security patch announcements or breach alerts, leaving 17.5 million people in the dark.

The reaction is criticized for being careless, particularly in light of the post-2024 API warnings, which undermine confidence in platform security.

Steps for Immediate Protection

Take immediate action to protect your account:

Turn on two-factor authentication (2FA) with an SMS or app.
Change your Instagram password and make sure it’s strong and distinct.
Examine login activities closely and terminate unidentified sessions.
In settings, remove access to third-party apps.
Keep an eye out for phishing emails and texts, and never click on dubious links.
Do antivirus checks and think about using a password manager.

Even without Meta’s assistance, proactive measures lessen the impact of the breach.

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”

MuddyWater Uses Spear-Phishing to Launch RustyWater RAT in the Middle East