Add Techlomedia as a preferred source on Google. 
Cybersecurity experts have warned that the personal data of around 17.5 million Instagram users is reportedly circulating on dark web marketplaces. The leak was highlighted by cybersecurity firm Malwarebytes. As per the report, the leaked data includes usernames, email addresses, phone numbers, partial location details, and other profile information.
Several users have reported receiving unsolicited password reset emails, which suggests attackers are actively trying to take over accounts using the exposed data. Instagram and parent company Meta have not yet officially confirmed the leak or clarified whether the data came from their systems or third-party sources.
The exposed dataset reportedly contains:
- Instagram usernames and full names
- Email addresses
- Phone numbers
- Partial location data
- User IDs and other profile metadata
While passwords themselves are not part of the leak, experts say the combination of emails and phone numbers is enough for phishing attacks, social engineering, and targeted account takeover attempts. Cybercriminals can send convincing messages that appear to come from Instagram or Meta, making it harder for users to spot scams.
Investigations suggest that the data may have been collected toward the end of 2024, likely through public APIs and region-specific scraping methods. The dataset resurfaced recently on the dark web under a threat actor using the alias “Subkek.”
Security analysts warn that even older datasets remain valuable because many users reuse contact details across platforms. This makes resurfaced data a real risk for identity theft and account compromise.
Meta has said that its systems were not breached. According to the company, the password reset emails were caused by a technical issue that has been fixed. However, cybersecurity experts caution that the presence of the dataset and active misuse by hackers indicate users’ accounts are still at risk.
How to Check If Your Account Is Affected
- Use haveibeenpwned.com to check if your email or phone number appears in leaked databases.
- Watch for unexpected password reset emails.
- Check Instagram’s Login Activity for unknown devices.
To protect your Instagram account from potential misuse of leaked data, enable Two-Factor Authentication (2FA). This adds an extra layer of security beyond your password. Use an authenticator app like Google Authenticator or Authy rather than SMS, as SMS codes can be intercepted. Once enabled, even if someone has your password, they will not be able to access your account without the second verification code.
If you have a weak password, change it to a strong one using a good password generator. People who find it hard to remember strong passwords should start using a password manager.
It is also important to note that hackers may send phishing emails asking you to reset your password or confirm account details. Always verify the sender, and never click on links in unexpected messages
You should also check which external apps have access to your Instagram account. Remove any apps that are unnecessary or look suspicious. Third-party apps can sometimes be used to hijack accounts if they have weak security.
Regularly check your Instagram Login Activity for unknown devices or unusual locations. If you see activity you do not recognize, immediately log out of those sessions and change your password.
Even without passwords, the leaked data poses a serious threat. Contact information like email addresses and phone numbers can be used in phishing, identity theft, and account takeovers. The leak highlights a broader issue: old datasets can resurface and be exploited long after the original collection.
This incident underlines the need for continuous vigilance when it comes to online security. Users must take proactive steps to protect their accounts, including 2FA, unique passwords, and careful monitoring of activity.
Follow Techlomedia on Google News to stay updated. 
Affiliate Disclosure:
This article may contain affiliate links. We may earn a commission on purchases made through these links at no extra cost to you.
