hollydolly
SF VIP
- Location
- London England
Millions of Instagram users have had their personal details leaked, as those affected have reported a deluge of password reset emails, cyber experts have warned.
Around 17.5million accounts were targeted in the data breach, with sensitive data released onto the dark web including user names, full names, email addresses, phone numbers, partial physical addresses and other contact details.
The breach was revealed on X by security firm Malwarebytes on Saturday, which warned that the leaked data has likely been shared with cyber criminals.
While the leaked information does not appear to also contain passwords, other personal data that falls into the wrong hands can be used to commit identity and financial fraud.
According to tech publication CyberInsider, the data was first stolen during an Instagram API leak in 2024, in which the hacker bypassed standard security protections to scrape the sensitive data.
Then a threat actor named 'Solonnik' published the dataset on BreachForums on Wednesday, offering it for free.
According to the poster, the dataset comprised more than 17million records - a number that experts say indicates a significant leak.
However thousands of people have reported receiving multiple password reset request emails over the last few days, The Verve reported.
Experts say that while the emails look legitimate, they are most likely to have been sent by a scammer and advise people not to click any of the links.
Typically people have been receiving an email that appears to have been sent by Instagram claiming that a password reset has been requested on the account.
The email features a large blue Reset Password button alongside the message, 'If you ignore this message, your password will not be changed. If you didn’t request a password reset, let us know.'
According to experts, the cyber hackers are relying on users to panic and click the button or hyperlink without considering that it could be a scam
Around 17.5million accounts were targeted in the data breach, with sensitive data released onto the dark web including user names, full names, email addresses, phone numbers, partial physical addresses and other contact details.
The breach was revealed on X by security firm Malwarebytes on Saturday, which warned that the leaked data has likely been shared with cyber criminals.
While the leaked information does not appear to also contain passwords, other personal data that falls into the wrong hands can be used to commit identity and financial fraud.
According to tech publication CyberInsider, the data was first stolen during an Instagram API leak in 2024, in which the hacker bypassed standard security protections to scrape the sensitive data.
Then a threat actor named 'Solonnik' published the dataset on BreachForums on Wednesday, offering it for free.
According to the poster, the dataset comprised more than 17million records - a number that experts say indicates a significant leak.
However thousands of people have reported receiving multiple password reset request emails over the last few days, The Verve reported.
Experts say that while the emails look legitimate, they are most likely to have been sent by a scammer and advise people not to click any of the links.
Typically people have been receiving an email that appears to have been sent by Instagram claiming that a password reset has been requested on the account.
The email features a large blue Reset Password button alongside the message, 'If you ignore this message, your password will not be changed. If you didn’t request a password reset, let us know.'
According to experts, the cyber hackers are relying on users to panic and click the button or hyperlink without considering that it could be a scam
