Instagram account profiles leaked online
Data Leak
Summary
Hide ▲
Show ▼
Instagram account profiles were scraped and leaked online, exposing data from 17,017,213 records and creating fresh risk of phishing and social engineering. The shared dataset reportedly includes phone numbers, user names, names, physical addresses, email addresses, and Instagram IDs for at least some entries. Meta says there was no new breach and users can ignore unsolicited password reset emails and text codes. The leak does not include passwords, which limits direct credential-compromise risk but not downstream abuse.
Related Happenings
FIFA logins traded on dark-web markets
Data Leak
First: 27.05.2026 14:28
Last: 27.05.2026 14:28
Sources 1
About this happening:
Around **2,500 FIFA logins** have surfaced on **dark-web markets**, turning stolen credentials into an active exposure that can fuel account abuse and downstream fraud. The leak i...
FIFA logins traded on dark-web markets
Data LeakAbout this happening: Around **2,500 FIFA logins** have surfaced on **dark-web markets**, turning stolen credentials into an active exposure that can fuel account abuse and downstream fraud. The leak i...
Instagram private profiles server-side authorization failure security flaw
Vulnerability
First: 31.01.2026 16:27
Last: 31.01.2026 16:27
Sources 1
About this happening:
A **server-side authorization failure** in **Instagram private profiles** exposed links to private photos in **HTML responses**, allowing **unauthenticated visitors** to reach con...
Instagram private profiles server-side authorization failure security flaw
VulnerabilityAbout this happening: A **server-side authorization failure** in **Instagram private profiles** exposed links to private photos in **HTML responses**, allowing **unauthenticated visitors** to reach con...
U.S. Supreme Court hit by network compromise
Incident
First: 19.01.2026 18:04
Last: 19.01.2026 18:04
Sources 1
About this happening:
The **U.S. Supreme Court**, **AmeriCorps**, and the **Department of Veterans Affairs** suffered a **stolen-credential** account compromise that exposed restricted systems and sens...
U.S. Supreme Court hit by network compromise
IncidentAbout this happening: The **U.S. Supreme Court**, **AmeriCorps**, and the **Department of Veterans Affairs** suffered a **stolen-credential** account compromise that exposed restricted systems and sens...
BitB phishing campaign targeting Facebook users
Campaign
First: 12.01.2026 23:05
Last: 12.01.2026 23:05
Sources 1
About this happening:
A **six-month** phishing campaign is using **browser-in-the-browser (BitB)** fake login pop-ups to steal **Facebook credentials**, increasing the risk of **account takeover** and...
BitB phishing campaign targeting Facebook users
CampaignAbout this happening: A **six-month** phishing campaign is using **browser-in-the-browser (BitB)** fake login pop-ups to steal **Facebook credentials**, increasing the risk of **account takeover** and...
GoBruteforcer botnet brute-forces exposed Linux servers with a more capable mid-2025 variant
Malware Activity
First: 08.01.2026 19:30
Last: 08.01.2026 19:30
Sources 1
About this happening:
**GoBruteforcer** is actively brute-forcing **Linux servers exposed to the internet**, creating a broad risk of compromise, **data theft** and **botnet expansion**. The operation...
GoBruteforcer botnet brute-forces exposed Linux servers with a more capable mid-2025 variant
Malware ActivityAbout this happening: **GoBruteforcer** is actively brute-forcing **Linux servers exposed to the internet**, creating a broad risk of compromise, **data theft** and **botnet expansion**. The operation...
Timeline
-
11.01.2026 21:13 2 articles · 4mo ago
Instagram data leak claims and Meta denial
Initial DisclosureClaims emerge that data from more than 17 million Instagram accounts was scraped and released on hacking forums, with some shared records including phone numbers, user names, names, physical addresses, email addresses, and Instagram IDs. Meta says there was no breach of its systems, states it is not aware of any API incidents in 2022 or 2024, and says Instagram fixed a bug that allowed external parties to request password reset emails for some users.
Show sources
- Instagram denies breach amid claims of 17 million account data leak — www.bleepingcomputer.com — 11.01.2026 21:13
- Instagram denies breach amid claims of 17 million account data leak — www.bleepingcomputer.com — 11.01.2026 21:13