Data of 1.75 crore Instagram users leaked on dark web

A worrying news has emerged for the users of social media platform Instagram. According to a recent report by cyber security company Malwarebytes, the data of about 1.75 crore (17.5 million) users associated with Instagram is said to be available for sale on the dark web. After this news, concern about the privacy and account security of users has increased on social media.

The report claims that this leaked data includes username, email ID, phone number and location information of Instagram users. Cyber ​​experts say that if such sensitive information falls into the wrong hands, the risks like phishing attacks, account hacking and identity theft increase manifold.

According to Malwarebytes, misuse of this data has already started. Many users have reported that they have received password reset emails from Instagram that they themselves did not request. Due to this, it is suspected that cyber criminals are trying to gain illegal access to the accounts with the help of leaked data.

According to listings on the dark web, this data was scraped in late 2024. It is being told that this information was collected through Instagram’s public API and some regional sources. A user named “Subkek” is claiming to be selling this data, which includes full email addresses, phone numbers and limited location details.

Security experts say that when cyber criminals have the contact details of a user, they can send fake messages and emails in the name of Instagram or Meta that look very trustworthy, due to which the users can easily become victims of fraud.

How to know whether you are safe or not?

• If you want to know whether your account has been affected or not, you can check by entering your email or phone number on the haveibeenpwned.com website.
• Apart from this, receiving an unsolicited password reset email or seeing an unknown device in Instagram’s Login Activity can also be a danger sign.
• For security, it is recommended that users immediately turn on Two-Factor Authentication (2FA), change passwords, ignore suspicious emails, and remove unnecessary third-party apps from their Instagram account.

What did Meta say?
Initially Instagram and its parent company Meta did not issue any official statement regarding this data leak. But now Meta has given its official response rejecting the claims related to Instagram data leak. In a statement given to Hindustan Times, Meta spokesperson said that there has been no breach or data breach in the company’s system and the Instagram accounts of the users are completely safe.

According to Meta, the company had identified a technical issue that could have allowed an outsider to request that a password reset email be sent to some Instagram users. However, this does not mean that someone gained unauthorized access to the accounts or that user data was stolen. Meta clarified that this flaw has been fixed.

“We have fixed an issue that was allowing an external party to trigger a password reset email,” the spokesperson said. There was no breach in our system and Instagram accounts are secure. Meta also said that users who have received such emails can ignore them. The company has also apologized for this confusion.