An Instagram data breach reportedly exposed the personal info of 17.5 million users

If you’ve received a lot of password reset requests from Instagram recently, you’re not alone. As reported by Malwarebytes, an antivirus software company, there was a data breach revealing the “sensitive information” of 17.5 million Instagram users. Malwarebytes added that the leak included Instagram usernames, physical addresses, phone numbers, email addresses and more.

The company added that “the data is available for sale on the dark web and can be used by cybercriminals.” Malwarebytes said in an email to customers that it discovered the flaw during its routine scanning of the dark web and that it was linked to a potential incident related to Instagram API exposure starting in 2024.

The reported breach caused users to receive multiple emails from Instagram regarding password reset requests. According to Malwarebytes, the leaked information could lead to more serious attacks, such as phishing attempts or account takeovers. Meta hasn’t released an official statement on the latest incident, but this isn’t the first time Instagram’s parent company has found itself in a sticky situation due to data breaches. If you haven’t already, it’s always a good idea to enable two-factor authentication and change your password. Better yet, you can check which devices are connected to your Instagram account in Meta’s Account Center.