#Instagram data breach# Instagram hack 2026# 17.5 million Instagram accounts leaked# Instagram dark web leak# Malwarebytes Instagram breach
IBNS-CMEDIA: Cybersecurity firm Malwarebytes has claimed that as many as 17.5 million Instagram accounts have been affected by a major data breach, with sensitive user information allegedly being stolen and circulated on the dark web.
“Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more,” Malwarebytes said in a post on X.
According to the firm, the compromised data is now available for sale on the dark web and could be exploited for a range of cybercrimes.
The reported breach has triggered a surge in password reset emails being sent to Instagram users. Malwarebytes warned that the leaked information could pave the way for more serious attacks, including phishing attempts and account takeovers, as reported by Engadget.
Meta, the parent company of Facebook and Instagram, has so far not commented on the alleged breach.
Reports suggest that the stolen data may have originated from an Instagram API leak that occurred in 2024. A threat actor using the alias “Solonik” reportedly published the dataset on BreachForums on January 7, 2026, offering it for free, according to CyberInsider.
In light of the breach, Malwarebytes has urged Instagram users to enable two-factor authentication (2FA) and remain vigilant against suspicious login attempts.
