{"id":497375,"date":"2026-01-11T10:09:54","date_gmt":"2026-01-11T14:09:54","guid":{"rendered":"https:\/\/deultimominuto.net\/en\/uncategorized\/massive-leak-on-instagram-data-of-17-5-million-accounts-exposed\/"},"modified":"2026-01-11T10:09:54","modified_gmt":"2026-01-11T14:09:54","slug":"massive-leak-on-instagram-data-of-17-5-million-accounts-exposed","status":"publish","type":"post","link":"https:\/\/deultimominuto.net\/en\/technology\/massive-leak-on-instagram-data-of-17-5-million-accounts-exposed\/","title":{"rendered":"Massive leak on Instagram: data of 17.5 million accounts exposed"},"content":{"rendered":"During this beginning of 2026, an unusual activity related to massive password reset requests has been detected<\/strong>. Both regular users and profiles with a large number of followers have been targeted by these messages, which appear completely legitimate and come from the social network's usual channel.\n\nIn most cases, recipients had not requested the password change. The volume and frequency of the emails made it suspect that it was more than just an isolated error. Quickly, debates and alerts arose on social networks, fueled by the feeling that it could be a serious security problem.\n\n\n

What's happening with Instagram accounts<\/h2>\n\n\nOn January 9, the antivirus software company Malwarebytes published details about a data breach<\/strong> that, according to their investigations, put a huge number of accounts at risk.\n\n\n
You can also read:Protests in Nepal occur after ban on the use of Facebook, Instagram, YouTube and other social networks<\/a><\/strong><\/h5>\n\n\nThe company assured that a group of cybercriminals managed to steal confidential information from 17.5 million Instagram accounts<\/strong>, including usernames, physical addresses, phone numbers, and email addresses. The discovery of this data set on a cybercrime forum raised the alarm, as it was not a simple automated extraction, but a complete and functional \"doxing kit\".\n\n\n
\"\"<\/figure>\n\n\nThe hypotheses about the mechanism of the attack pointed to two possibilities: an automated brute force attack<\/strong> generated multiple password change requests to sow confusion and, among the legitimate messages, try to sneak in a malicious email; or Meta, the company that owns Instagram, had initiated a preventive password reset on accounts considered compromised.\n\nFor its part, Instagram<\/strong> addressed the rumors, pointing out that the incident was due to a \"software problem\"<\/strong> that allowed a third party to request password reset emails for some people.\n\nHe flatly denied that there had been unauthorized access to their servers or a breach of their systems. In their statement, the company assured:  \u201cThere was no breach of our systems and your Instagram accounts are safe\u201d<\/strong>. The statement concluded with apologies to users affected by the inconvenience caused.\n\n\n

What is the real risk that Instagram users are experiencing now<\/h2>\n\n\nThe difference between both stories is significant. Malwarebytes<\/strong> points to a massive data breach and commercialization of personal information on the black market<\/strong>, which implies risks in both the digital environment and real life.\n\n\n
\"\"<\/figure>\n\n\nInstagram, on the other hand, minimizes the scope and reduces it to a failure in sending password reset emails, without consequences for the integrity of accounts or the data stored in its systems.\n\nThe details published by Malwarebytes reinforce the thesis of a serious incident: the leaked data includes real names, physical addresses, phone numbers, and email addresses<\/strong>. The information would be sold in batches classified by country and number of followers, prioritizing high-profile accounts such as those of influencers or companies.\n\nInstagram, for its part, insists that no attacker managed to access the servers or obtain data from within the platform. In its version, users received unsolicited password change messages, but their accounts remained protected at all times.\n\n\n

What to do if you are a victim of this attack<\/h2>\n\n\nGiven this scenario, the recommendation is to act with caution and not interact with any links received via email, even if the message appears authentic. Do not click on links that appear in emails, no matter how real they seem<\/strong>.\n\n\n
\"\"<\/figure>\n\n\n\n

If you receive an unexpected notification to reset your password, the safest thing to do is to change it directly from the application by following the path: 'Settings and activity' > 'Account Center' > 'Password and security' > 'Change password'<\/strong>. It is advisable to choose a long, strong and unique password for Instagram.<\/p>\n\n\nWe recommend reading: Britney Spears deactivates her Instagram account after a new dispute with her ex-husband\n\nAnother key measure is to activate two-factor authentication<\/strong> from the security section of the application. Experts recommend avoiding the SMS-based option and opting for authentication applications for more robust protection.\n\nClosing open sessions on all devices, reviewing the 'Instagram Emails' section in the settings, and deleting any suspicious messages completes the list of preventive actions. If any email outside of the official channels is detected, it should be deleted immediately and reported to the platform.","protected":false},"excerpt":{"rendered":"

During this beginning of 2026, an unusual activity related to massive password reset requests has been detected. Both regular users and profiles with a large number of followers have been targeted by these messages, which appear completely legitimate and come from the social network’s usual channel. In most cases, recipients had not requested the password […]<\/p>\n","protected":false},"author":111,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[96],"tags":[43059,23315],"class_list":{"0":"post-497375","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-technology","7":"tag-malwarebytes","8":"tag-software"},"acf":[],"jetpack_featured_media_url":"","dum_api":{"author_name":"Ana Laura L\u00f3pez","author_image":"https:\/\/deultimominuto.net\/wp-content\/uploads\/2025\/01\/cropped-WhatsApp-Image-2025-01-29-at-1.45.56-PM-96x96.jpeg","categories_name":["Technology"],"featured_media_url":null},"_links":{"self":[{"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/posts\/497375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/users\/111"}],"replies":[{"embeddable":true,"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/comments?post=497375"}],"version-history":[{"count":0,"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/posts\/497375\/revisions"}],"wp:attachment":[{"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/media?parent=497375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/categories?post=497375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/deultimominuto.net\/en\/wp-json\/wp\/v2\/tags?post=497375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}