Reading time 1 minute
The cybersecurity company Malwarebytes just noticed something unpleasant happening over on the dark web:
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more. This data is available for sale on the dark web and can be abused by cybercriminals.[image or embed]
Did you receive any unexpected password reset emails from Instagram lately? If the comments on a Reddit post about this breach from a few hours ago are any indication, you’re not alone.
It seems that the physical addresses, phone numbers, email addresses and other information attached to the accounts of 17.5 million Instagram users is available for sale in the sketchier parts of the internet.
Apparently Malwarebytes performs sweeps of the dark net for items like this, and surmised that this cache of personal details is tied a 2024 API breach that likely allowed an attacker to pry the information out of Instagram.
Some steps you can take to ensure that your information is safe include:
So far Instagram does not appear to have published a statement about this issue. Gizmodo reached out to Meta for comment, and will update if we hear back.
Explore more on these topics
Share this story
Subscribe and interact with our community, get up to date with our customised Newsletters and much more.
Follow along with Gizmodo as we check out all the latest gadget announcements from the year's biggest, most-packed tech event, CES 2026.
Crypto wasn't stolen this time, but data was leaked with the potential to lead to thefts later on.
The outage and service degradation is accompanied by a bunch of "67" jokes (if you can call them "jokes").
This isn't the first cybersecurity breach to impact the space agency.
If Meta can use a feature for targeting ads, Meta will use a feature for targeting ads.
It does make sense if you think about it.
©2025 GIZMODO USA LLC.
All rights reserved.
Source: Gizmodo