Hackers leak Instagram user data, including emails and phone numbers, affecting millions worldwide. The exposed information reportedly includes usernames, email addresses, phone numbers, and partial physical addresses. Security experts warn that such personal information leaks can fuel phishing attacks, identity theft risk, and account takeover attempts. Reports indicate the leak may stem from an API vulnerability, with data shared on hacker forums.
The dataset, allegedly posted by a threat actor using the alias Solonik on Breach Forums on January 7, 2026, reportedly contains over 17.5 million Instagram users’ records. The information appeared in JSON and TXT format data dumps, showing structured fields like user IDs, usernames, and email addresses. Experts suggest this profile metadata leak could originate from 2024, possibly through third-party app security gaps or exposed API endpoints.
Instagram’s parent company, Meta, has not confirmed the incident. Users are being urged to remain cautious and monitor messages prompting password resets or account verifications. Many have already received password reset notifications, which may indicate ongoing attempts to exploit account recovery methods. Cybersecurity specialists emphasize online privacy protection, including enabling two-factor authentication and avoiding suspicious links, to minimize risk from personal information leaks.
This Instagram data breach highlights the growing threat of digital exposure. Users should check if their information has been compromised and update security measures immediately. Simple steps, such as changing passwords, reviewing connected apps, and monitoring for phishing attacks, can protect accounts from further harm.
Conclusion:
Hackers leak Instagram user data, including emails and phone numbers, posing serious cybersecurity threats. Immediate action and careful online privacy protection can reduce risks.
Meta Description:
Hackers leak Instagram user data, including emails and phone numbers, putting 17.5 million Instagram users at risk from phishing attacks.
