A recent data breach has revealed sensitive information belonging to 17.5 million Instagram users, as reported by Malwarebytes, an antivirus software company. The leaked data includes usernames, physical addresses, phone numbers, and email addresses, which are now reportedly available for sale on the dark web, posing risks of exploitation by cybercriminals.

Malwarebytes identified the breach during a routine scan of the dark web and linked it to a potential incident involving an Instagram API exposure from 2024. As a result of this breach, many users have received multiple emails from Instagram prompting password reset requests. The leaked information heightens the risk of more severe cyber threats, such as phishing attacks and account takeovers.

While Meta, the parent company of Instagram, has not issued an official statement regarding this incident, it is not the first time the company has faced scrutiny over data security issues. Users are advised to enable two-factor authentication and review their account security settings to mitigate potential risks.