Millions of Instagram account details leaked – have YOU been affected?

January 10, 2026

By FRANCINE WOLFISZ, NEWS REPORTER

Published: | Updated:

Meta has moved to explain why Instagram users have reported receiving a deluge of password reset emails, amid fears they had their personal details leaked.

Cyber experts originally reported that around 17.5million accounts were targeted in a data breach, with sensitive data released onto the dark web including user names, full names, email addresses, phone numbers, partial physical addresses and other contact details.

The breach was revealed on X by security firm Malwarebytes on Saturday, which warned that the leaked data had likely been shared with cyber criminals.

While the leaked information did not appear to also contain passwords, personal data that falls into the wrong hands can be used to commit identity and financial fraud.

According to tech publication CyberInsider, the data was first stolen during an Instagram API leak in 2024, in which the hacker bypassed standard security protections to scrape the sensitive data. 

Then a threat actor named ‘Solonnik’ published the dataset on BreachForums on  Wednesday, offering it for free.

According to the poster, the dataset comprised more than 17million records – a number that experts say indicates a significant leak.

Millions of Instagram users have had their personal details leaked, as those affected have reported a deluge of password reset emails, cyber experts have warned
The breach was revealed on X by security firm Malwarebytes on Saturday, which warned that the leaked data has likely been shared with cyber criminals
@ohhackno

Your first update on the sketchy emails from IG 🫡

♬ original sound – Flo & Kenny | ohhackno

Thousands of people then reported having received multiple password reset request emails over the last few days, The Verve reported.

Typically people had been receiving an email from Instagram claiming that a password reset had been requested on the account.

The email features a large blue Reset Password button alongside the message, ‘If you ignore this message, your password will not be changed. If you didn’t request a password reset, let us know.’

But on Sunday, Meta moved to reassure users that there had been ‘no breach’ and that accounts ‘remain secure’.

A spokesperson said: ‘We fixed an issue that allowed an external party to request password reset emails for some Instagram users. 

‘We want to reassure everyone there was no breach of our systems and people’s Instagram accounts remain secure. 

‘People can disregard these emails and we apologize for any confusion this may have caused.’ 

Has my personal data been stolen? 

For anyone concerned they may have been affected by the latest data breach, visit HaveIBeenPwned.com or malwarebytes.com

The websites let you check whether your email has been compromised as part of any of the data breaches that have happened.

If your email address pops up you should change your password. 

Pwned Passwords 

To check if your password may have been exposed in a previous data breach, go to the site’s homepage and enter your email address. 

The search tool will check it against the details of historical data breaches that made this information publicly visible. 

If your password does pop up, you’re likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes. 

Cybersecurity expert and Microsoft regional director Tory Hunt built the site to help people check whether or not the password they would like to use was on a list of known breached passwords. 

The site does not store your password next to any personally identifiable data and every password is encrypted.

Other Safety Tips 

Hunt provides three easy-to-follow steps for better online security. 

First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use. 

Next, enable two-factor authentication. Lastly, keep abreast of any breaches.

Advertisement

For anyone concerned they may have had their data leaked, visit HaveIBeenPwned.com or malwarebytes.com, which can check if an email address has been compromised on Instagram and other websites.

Malwarebytes advises people to change their passwords and enable two-factor authentication (2FA) for enhanced security. 

MetaInstagram

 

Search

RECENT PRESS RELEASES

Related Post

Duke Energy displays new clean hydrogen facility on Florida’s east coast
Duke Energy displays new clean hydrogen facility on Florida’s east coast
Gallery

Duke Energy displays new clean hydrogen facility on Florida’s east coast

January 11, 2026
Egypt signs $1.8B renewable energy deals to expand solar, storage capacity
Egypt signs $1.8B renewable energy deals to expand solar, storage capacity
Gallery

Egypt signs $1.8B renewable energy deals to expand solar, storage capacity

January 11, 2026
Amazon Plans New Big Box Store in Chicago Suburbs
Amazon Plans New Big Box Store in Chicago Suburbs
Gallery

Amazon Plans New Big Box Store in Chicago Suburbs

January 11, 2026
How Recent Developments Are Reframing The Alibaba Group Holding NYSE:BABA Investment Story
How Recent Developments Are Reframing The Alibaba Group Holding NYSE:BABA Investment Story
Gallery

How Recent Developments Are Reframing The Alibaba Group Holding NYSE:BABA Investment Story

January 11, 2026