Instagram data breach exposes 17.5 million users on dark web, sparks flood of reset emails

Meta is facing a major security crisis right now. The cybersecurity firm Malwarebytes confirmed a data breach that exposed the data of 17.5 million Instagram users.

The stolen data includes usernames, email addresses, phone numbers, and partial physical addresses, is now circulating freely on dark web forums.

Following the breach, a wave of confusion has swept over Instagram users. An unsolicited password reset email from Instagram’s legitimate domain ([email protected]) has been sent to users since January 8.

While the email is from an authorised source, it is not requested by the user. This has sparked widespread alarm and speculation about a system glitch or a phishing campaign.

Security experts now confirm the reset emails are likely a direct result of the breach, with threat actors potentially using the data to trigger account recovery processes or to mask targeted phishing attempts.

The leaked dataset is reportedly the work of a hacker known as “Solonik.”

The data is believed to originate from an API-related exposure dating back to 2024.

Meta has not issued any official statement regarding the breach yet.