Millions of Instagram account details leaked – have YOU been affected?

January 10, 2026

By FRANCINE WOLFISZ, NEWS REPORTER

Published: | Updated:

Meta has moved to explain why Instagram users have reported receiving a deluge of password reset emails, amid fears they had their personal details leaked.

Cyber experts originally reported that around 17.5million accounts were targeted in a data breach, with sensitive data released onto the dark web including user names, full names, email addresses, phone numbers, partial physical addresses and other contact details.

The breach was revealed on X by security firm Malwarebytes on Saturday, which warned that the leaked data had likely been shared with cyber criminals.

While the leaked information did not appear to also contain passwords, personal data that falls into the wrong hands can be used to commit identity and financial fraud.

According to tech publication CyberInsider, the data was first stolen during an Instagram API leak in 2024, in which the hacker bypassed standard security protections to scrape the sensitive data. 

Then a threat actor named ‘Solonnik’ published the dataset on BreachForums on  Wednesday, offering it for free.

According to the poster, the dataset comprised more than 17million records – a number that experts say indicates a significant leak.

Millions of Instagram users have had their personal details leaked, as those affected have reported a deluge of password reset emails, cyber experts have warned
The breach was revealed on X by security firm Malwarebytes on Saturday, which warned that the leaked data has likely been shared with cyber criminals
@ohhackno

Your first update on the sketchy emails from IG 🫡

♬ original sound – Flo & Kenny | ohhackno

Thousands of people then reported having received multiple password reset request emails over the last few days, The Verve reported.

Typically people had been receiving an email from Instagram claiming that a password reset had been requested on the account.

The email features a large blue Reset Password button alongside the message, ‘If you ignore this message, your password will not be changed. If you didn’t request a password reset, let us know.’

But on Sunday, Meta moved to reassure users that there had been ‘no breach’ and that accounts ‘remain secure’.

A spokesperson said: ‘We fixed an issue that allowed an external party to request password reset emails for some Instagram users. 

‘We want to reassure everyone there was no breach of our systems and people’s Instagram accounts remain secure. 

‘People can disregard these emails and we apologize for any confusion this may have caused.’ 

Has my personal data been stolen? 

For anyone concerned they may have been affected by the latest data breach, visit HaveIBeenPwned.com or malwarebytes.com

The websites let you check whether your email has been compromised as part of any of the data breaches that have happened.

If your email address pops up you should change your password. 

Pwned Passwords 

To check if your password may have been exposed in a previous data breach, go to the site’s homepage and enter your email address. 

The search tool will check it against the details of historical data breaches that made this information publicly visible. 

If your password does pop up, you’re likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes. 

Cybersecurity expert and Microsoft regional director Tory Hunt built the site to help people check whether or not the password they would like to use was on a list of known breached passwords. 

The site does not store your password next to any personally identifiable data and every password is encrypted.

Other Safety Tips 

Hunt provides three easy-to-follow steps for better online security. 

First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use. 

Next, enable two-factor authentication. Lastly, keep abreast of any breaches.

Advertisement

For anyone concerned they may have had their data leaked, visit HaveIBeenPwned.com or malwarebytes.com, which can check if an email address has been compromised on Instagram and other websites.

Malwarebytes advises people to change their passwords and enable two-factor authentication (2FA) for enhanced security. 

MetaInstagram

 

Search

RECENT PRESS RELEASES

Related Post

Amazon is selling a $150 robot vacuum for just $90 (and 9 more fab deals)
Amazon is selling a $150 robot vacuum for just $90 (and 9 more fab deals)
Gallery

Amazon is selling a $150 robot vacuum for just $90 (and 9 more fab deals)

January 11, 2026
Amazon Requires Employee Accomplishments for 2026 Performance Reviews
Amazon Requires Employee Accomplishments for 2026 Performance Reviews
Gallery

Amazon Requires Employee Accomplishments for 2026 Performance Reviews

January 11, 2026
Satoshi-Era Bitcoin Miner Wakes Up After 15 Years, But Why Now?
Satoshi-Era Bitcoin Miner Wakes Up After 15 Years, But Why Now?
Gallery

Satoshi-Era Bitcoin Miner Wakes Up After 15 Years, But Why Now?

January 11, 2026
Budgie 11 Desktop Environment Will Be Ported to Qt 6, Development Kicks Off
Budgie 11 Desktop Environment Will Be Ported to Qt 6, Development Kicks Off
Gallery

Budgie 11 Desktop Environment Will Be Ported to Qt 6, Development Kicks Off

January 11, 2026