Instagram data breach alert! Personal info of over 17.5 million users leaked on dark web. Learn what’s exposed, risks, and how to secure your account now.
A shocking report has emerged about the social media platform Instagram, revealing that personal data of over 17.5 million users may have been compromised and is now reportedly available for sale on the dark web. This potential data breach has raised serious concerns about user privacy worldwide.
How the Data Leak Came to Light
The alleged security breach was first flagged on January 9, 2026, by cybersecurity firm Malwarebytes. According to the company, the leak may be linked to a 2024 Instagram API exposure. During a routine dark web scan, Malwarebytes discovered the dataset, which could now fall into the hands of cybercriminals for malicious activities.
What Information Was Leaked?
The leaked data reportedly includes usernames, mobile numbers, email IDs, and physical addresses. Malwarebytes noted that many Instagram users have recently received multiple emails prompting them to reset passwords, a potential consequence of this breach.
Rising Threats of Cyber Attacks
Cybersecurity experts warn that such leaked information increases the risk of phishing attacks, account hacking, and identity theft. Hackers may attempt credential stuffing, using the same login credentials across multiple platforms, which can compromise not only Instagram but other online accounts as well.
Meta’s Silence and Growing User Concerns
As of now, Instagram’s parent company Meta has not issued an official statement regarding the breach. Media outlets have reached out to the company, promising updates if a response is received.
ALSO READ:- BCB Denies Reports of Mustafizur Rahman IPL 2026 Comeback…
Why India Could Be Impacted the Most
India is the largest Instagram market, with over 48 crore users as of October 2025. In addition, more than 50 crore users access Facebook and WhatsApp in the country. If this leak is confirmed, Indian users are likely to be among the most affected.
Data Protection Laws in India
Under India’s Digital Personal Data Protection (DPDP) Act, 2023, mobile numbers and email IDs are considered personal data. Any unauthorized collection, sharing, or leakage of such data is classified as a data breach, although several critical provisions of the law are not yet fully enforced.
New Rules, But Full Protection Is Yet to Come
In November 2025, the Ministry of Electronics & IT notified rules under the DPDP Act, paving the way for stronger data protection. However, complete implementation of rules like breach notifications and consent-based data usage will take time.
How Users Can Stay Safe
Cybersecurity specialists advise Instagram users to immediately review their account settings. Through Meta’s Accounts Center, users can check which devices are logged in. Activating Two-Factor Authentication (2FA) is highly recommended. Malwarebytes also suggested that users who have not yet enabled 2FA should do so immediately to add an extra layer of security.
For More Hindi News:- http://newz24india.com