A data breach may have impacted up to 17.5 million Instagram accounts, revealing sensitive data including usernames, physical addresses, phone numbers, and email addresses.
This type of data can be used by hackers to gain access to users’ accounts. Cybersecurity firm Malwarebytes, which first reported the breach, advised users to change their passwords in the wake of the breach or enable two-factor authentication (2FA). However, don’t click on unsolicited password reset emails.
This Tweet is currently unavailable. It might be loading or has been removed.
Some Instagram users appear to be receiving fake password reset emails—a common technique used in phishing scams. Meanwhile, several Reddit users have also posted screenshots of unprompted password reset requests in recent days.
If you received these emails, change your password directly via Settings and activity > Accounts Center > Password and security > Change password.
To enable two-factor authentication on Instagram, head to Accounts Center > Password and security, and select two-factor authentication. You’ll need to add your chosen security method, such as an authenticator app (recommended) or SMS (less secure).
Recommended by Our Editors
CyberInsider suggests that the stolen data stems from an Instagram API leak that occurred in 2024, since the data contained “entries with structured JSON fields typical of API responses,” though it didn’t rule out other causes. On Jan. 7, 2026, a user with the alias “Solonik” published what appears to be stolen data on a message board dedicated to sharing personal information collected from data breaches, offering it for free.
Get Our Best Stories!
Your Daily Dose of Our Top Tech News
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy
Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Our Expert
Experience
I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.
I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.
Read Full Bio
&w=1024&resize=1024,1024&ssl=1 "Quanto custa um PC gamer para rodar Battlefield 6?")
/https://i.s3.glbimg.com/v1/AUTH_08fbf48bc0524877943fe86e43087e7a/internal_photos/bs/2025/y/6/aYVUvxQZW9aKplYTh1DQ/jovi5.jpg?w=1024&resize=1024,1024&ssl=1 "8 modelos que competem agressivamente no preço")
/https://i.s3.glbimg.com/v1/AUTH_08fbf48bc0524877943fe86e43087e7a/internal_photos/bs/2025/o/3/jCUBBQQ4CLUKB8T5spfg/galaxys25ultra-traseira.png?w=1024&resize=1024,1024&ssl=1 "8 modelos do baratinho ao top de linha")
