
Instagram users were recently affected by a large-scale data leak in which attackers obtained personal information linked to around 17.5 million accounts. Based on reports published by Malwarebytes and other media sources, the incident appears to have been caused by data collection through exposed or abused systems, rather than a direct compromise of Instagram’s internal infrastructure. Even though Instagram passwords were not part of the leaked dataset, the exposure of user details still creates serious security risks because attackers can use the information for targeted phishing, scams, and account abuse.
The leaked dataset contains a wide range of user profile details including Instagram usernames, display names, email addresses, phone numbers, user IDs, and partial location-related information. The data is being shared in formats such as JSON and TXT, which makes it easy for threat actors to search, filter, and automate attacks at scale. This type of leak is especially dangerous because it provides attackers with verified contact details, which can be used to craft realistic social engineering messages that look legitimate to victims.
The screenshot below shows a Twitter post by Malwarebytes about a large Instagram data leak that affected around 17.5 million accounts. It says hackers stole personal details like usernames, home addresses, phone numbers, and email addresses. The post also shows an example password reset email, which illustrates how attackers may try to trick users or take over accounts.

As Malwarebytes explained, this incident is not being described as a “traditional hack” where an attacker breaks into Instagram and steals passwords. Instead, it is more consistent with large-scale scraping or misuse of exposed API access, where automated requests are used to pull user information in bulk. If rate limiting, authentication controls, and abuse monitoring are not strong enough, attackers can collect millions of records over time without triggering immediate detection. This is a common issue across social media platforms because public-facing systems are often targeted for mass harvesting.
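The following added example (not from Malwarebytes or Instagram) shows why a per-minute rate limit alone misses slow bulk harvesting, and how counting distinct profiles requested per client over a long window catches it. The log layout, client names, and thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed API log: (epoch_seconds, client_key, requested_user_id)."""
    events = []
    # "app-A" (hypothetical): busy but benign, 30 req/min over 5 profiles for 1 hour.
    for minute in range(60):
        for i in range(30):
            events.append((minute * 60 + i, "app-A", 1000 + i % 5))
    # "app-B" (hypothetical): slow enumerator, 10 req/min for 24 hours,
    # every request targeting a new sequential user ID.
    for minute in range(24 * 60):
        for i in range(10):
            events.append((minute * 60 + i * 6, "app-B", 500000 + minute * 10 + i))
    return events

def per_minute_violations(events, limit):
    """Classic rate limit: clients exceeding `limit` requests in any one minute."""
    counts = defaultdict(int)
    for ts, client, _uid in events:
        counts[(client, ts // 60)] += 1
    return {client for (client, _), n in counts.items() if n > limit}

def enumeration_suspects(events, window, max_distinct, min_unique_ratio):
    """Clients that request more than `max_distinct` different profiles inside one
    `window` (seconds) while almost never repeating a target (harvesting pattern)."""
    seen = defaultdict(set)
    total = defaultdict(int)
    for ts, client, uid in events:
        key = (client, ts // window)
        seen[key].add(uid)
        total[key] += 1
    suspects = set()
    for (client, bucket), uids in seen.items():
        ratio = len(uids) / total[(client, bucket)]
        if len(uids) > max_distinct and ratio >= min_unique_ratio:
            suspects.add(client)
    return suspects

if __name__ == "__main__":
    log = build_sample_log()
    # A tight burst limit flags the benign client and still misses the enumerator.
    print("rate limit 20/min flags:", per_minute_violations(log, 20))
    # A daily distinct-target budget isolates the client harvesting records.
    print("enumeration suspects:  ", enumeration_suspects(log, 86400, 1000, 0.9))
```

In this constructed log the enumerator collects 14,400 distinct profiles in a day at only 10 requests per minute, which is the "over time without triggering immediate detection" case described above.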

The above screenshot is taken from a dark web forum, where a post was made claiming that Instagram user data was being shared. As reported by Malwarebytes, the leaked information is said to include usernames, email addresses, phone numbers, and other profile-related details. The forum discussion shows how quickly this kind of data can spread in underground communities and how it can be reposted in different places. Even if the original post is removed, copies of the same data can continue to circulate for a long time.
The leaked dataset can be validated using open-source checks. For example, leaked phone numbers may match real identities when searched in tools like Truecaller, and the related Instagram usernames can be found as active accounts on Instagram. This supports the claim that the exposed records are linked to real users and can be misused for phishing or scams.

The leaked Instagram dataset can be confirmed using open-source breach lookup platforms. The screenshot below shows email addresses appearing under an Instagram-related breach entry, which supports the claim that the exposed records are linked to real accounts. This also explains why the leak is risky, because attackers can use leaked emails for phishing, fake login warnings, or password reset scams.

Even without passwords, this leak still increases risk for Instagram users worldwide. Attackers can use leaked phone numbers and email addresses to send convincing phishing messages, impersonate Instagram support, or trigger password reset attempts to pressure users into clicking malicious links. Victims may also face spam campaigns, fraud attempts, and identity-based scams, especially if the exposed contact details are reused across multiple services. For organizations, this type of leak can also lead to employee targeting, where attackers search for staff accounts and launch social engineering attacks against corporate users.