A fresh wave of concern has emerged in the global cybersecurity landscape following reports that personal information belonging to approximately 17.5 million users of Instagram has been exposed online.
The leaked dataset reportedly includes usernames, full names, email addresses, phone numbers, and partial residential details. Although passwords were not compromised, experts warn that the exposed data could enable phishing, identity theft, and financial fraud.
Cybersecurity firm Malwarebytes stated that attackers can still exploit such information to craft highly targeted scams, even without direct access to login credentials.
According to cybersecurity publication Cyber Insider, the data may have been collected in 2024 by exploiting a vulnerability in Instagram’s API, allowing large-scale harvesting of user information.
The incident escalated after a threat actor known as “Solonnik” reportedly released the dataset for free on BreachForums. Users across several countries have since reported an increase in suspicious login alerts and password reset emails.
Experts recommend that users change their passwords, enable two-factor authentication, monitor account activity closely, and avoid clicking on suspicious links or messages.