Instagram’s “17 Million User Data Leak” Was Just Scraped Records from 2022 – Hackread

This week has been a chaotic one, especially for Instagram users, after Malwarebytes announced on the 9th of January that it had tracked a data breach involving the Meta-owned platform. According to the company, hackers had leaked data from 17.5 million Instagram accounts online. The leaked information included usernames, email addresses, phone numbers, and physical addresses. In Malwarebytes’ own words on X (formerly Twitter), “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.“ Malwarebytes on X The tweet implied that the incident was a recent data breach. That claim is inaccurate. Hackread.com’s investigation confirms that while the data is real and not fabricated, cybercriminals did not steal it, at least not recently. For your information, Malwarebytes was referring to a BreachForums post published on January 7, 2026, by a user going by the alias Solonik, titled “INSTAGRAM.COM 17M GLOBAL USERS – 2024 API LEAK.” The post claimed the data was from a 2024 breach and included usernames, emails, phone numbers, user IDs, and partial locations. In reality, Hackread.com’s investigation confirmed it was a repackaged scrape originally collected in 2022. The same data was first leaked on BreachForums in June
Read More