Trust and Turmoil: Hackers Target Instagram Users
One immutable aspect regarding hackers is the inherent unreliability of their proclamations; they function outside the law and frequently indulge in exaggeration or outright deception regarding their assertions.
This propensity for misinformation has recently created a significant disturbance for Instagram and its parent entity, Meta. A hacker operating under the alias Solonik asserted possession of a newly emerged 2024 data leak, purportedly affecting over 17 million users of the popular image-sharing platform.
In a post dated January 7 on a well-known clear-web hacker forum, Solonik claimed access to this data. This assertion was subsequently echoed by cybersecurity organization Malwarebytes, which announced on X that “Cybercriminals pilfered the sensitive data of 17.5 million Instagram accounts, encompassing usernames, physical addresses, phone numbers, email addresses, and more.”
While the implication suggests that this data is current and credible, it bears noting that a different member of the same forum had already disseminated a similar dataset in 2023, asserting it was a collection of Instagram data without specifying its source.
Moreover, the sample data supplied by Solonik mirrored that which had been circulated nearly three years prior. Essentially, Solonik merely rebranded an older dataset—a common stratagem among cybercriminals.
This dilemma intensified when numerous Instagram users reported unsolicited password reset requests, prompting several commentators, including Malwarebytes, to connect these two purported incidents. Instagram quickly moved to refute any allegations of a breach, although its communication lacked decisive reassurance.
“We rectified an issue that permitted an external entity to request password reset emails for certain Instagram users,” a Meta spokesperson remarked in a widely circulated statement over the weekend.
“We wish to assure everyone that there has been no compromise of our systems and that users’ Instagram accounts remain secure. Recipients of these emails may disregard them, and we apologize for any confusion caused.”
While the revelation of a 17-million-user leak constitutes a rehash of older news, it remains unclear whether a separate, enigmatic third party accessed Instagram’s internal systems.
Nonetheless, antiquated data can still be weaponized by fraudsters, prompting a prudent recommendation for Instagram users to update their passwords and remain vigilant against potential phishing attempts.
The controversial dataset has now been incorporated into the Have I Been Pwned email database.
In a January 11 update, HIBP reported, “In January 2026, data alleged to be scraped via an Instagram API surfaced on a popular hacking forum.”
The dataset reportedly encompassed 17 million entries of publicly available Instagram data, including usernames, display names, account IDs, and, in some instances, geolocation details. Of these records, 6.2 million included associated email addresses, with some containing phone numbers as well.
Source link: Cybersecurityconnect.com.au.
