Rewards Hub A data leak involving 17.5 million Instagram accounts has resurfaced on the dark web, attributed to a 2024 API flaw. The data, now circulating on Breachforums, includes usernames, emails, phone numbers, and account metadata. Cybersecurity firm Malwarebytes identified the leak, warning users of potential phishing attacks and advising immediate password changes and two-factor authentication.
The breach, originally caused by a misconfigured Instagram API, allowed large-scale scraping of user profiles. The data's reappearance in January 2026 has led to a spike in unsolicited password reset emails, as attackers exploit Instagram's legitimate reset system to facilitate phishing. Meta has yet to comment on the situation.
17.5 Million Instagram Accounts Resurface on Dark Web Due to 2024 API Flaw
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.