Instagram data leak exposes 17.5M accounts in January 2026

Dmitry Kozlov

Key Takeaways

  • Data tied to about 17.5 million Instagram accounts resurfaced on Breachforums in January 2026.
  • The dataset traces back to a misconfigured Instagram API from late 2024 and was reposted by a threat actor using the handle “Solonik.”
  • Exposed information includes usernames, emails, phone numbers, physical addresses and account metadata.
  • Attackers are triggering legitimate Instagram password reset emails to make phishing more convincing.
  • Malwarebytes reported the resurfaced dataset; Meta had not issued a public statement as of Jan. 10.

Malwarebytes reports data on 17.5 million Instagram accounts resurfaced in Jan 2026 from a 2024 API flaw, including usernames, emails, phone numbers, addresses and metadata.

Malwarebytes has flagged a resurfaced dataset tied to roughly 17.5 million Instagram accounts that reappeared on the dark web in early January 2026. The company says the records stem from a misconfigured Instagram API in late 2024 and were reposted by a threat actor who uses the handle “Solonik.” This reposting has put a large set of usernames, emails, phone numbers, physical addresses and account metadata back into circulation.

Overview of the Instagram Data Leak

The incident is not a new intrusion into Instagram but a reappearance of previously scraped information collected via an API flaw in 2024. The data surfaced on Breachforums and was shared publicly again in January 2026, prompting Malwarebytes to issue an alert about renewed abuse. For context on how third‑party or provider problems can lead to account compromise, see this article on a third-party provider breach, which explains similar vectors.

Details of the Exposed Data

The freshly reposted dataset contains structured contact and profile information that attackers can use to craft targeted attacks. The presence of multiple contact points increases the chances of successful account takeovers or targeted fraud when combined with other data points.

  • Usernames
  • Emails
  • Phone numbers
  • Physical addresses
  • Account metadata

Reports indicate the exposure has global reach, with confirmed impacts reported in parts of Europe; the effect on individual users depends on how that data is reused by criminals.

Attack Methods and Risks

Threat actors are not relying on obvious scam messages; instead, they are triggering legitimate Instagram password reset emails from the platform’s own domain to make their attempts appear authentic. This technique raises the risk of successful credential theft when recipients follow reset links or reuse passwords across sites.

With enough personal details, attackers can escalate to SIM swapping and other targeted fraud types that aim to seize control of accounts or bypass two‑factor protections. For practical steps to guard against manipulative messages and social tactics, consult this social engineering guide.

Recommended Actions for Users

If you may be affected, take immediate steps to reduce the risk of account takeover and fraud. Prioritize simple, effective protections that limit what attackers can do with exposed contact details.

  • Change your Instagram password to a strong, unique password you don’t use elsewhere.
  • Enable two-factor authentication (2FA) on Instagram, preferably via an authenticator app rather than SMS when possible.
  • Be cautious with unsolicited password reset emails: don’t follow links in unexpected messages and sign in directly on Instagram to check for alerts.
  • Monitor accounts and connected email or phone lines for unusual activity and consider using a separate email for important accounts.

Why this matters

If you run mining rigs or manage crypto‑related accounts, exposed Instagram contact details can still be useful to criminals trying to impersonate you or reach services you use. Even when the leak isn’t directly about mining, successful account takeovers or SIM swaps can disrupt access to wallets, marketplaces or two‑factor channels tied to your devices.

For miners in Russia managing anywhere from a single device to a large farm, the practical consequence is the same: extra risk of targeted scams or social engineering attempts that can lead to financial loss or service interruptions. Staying alert to unexpected reset emails and securing authentication channels reduces that risk.

What to do

Take a short checklist approach: secure credentials, harden authentication, and limit what exposed contact points can reveal about your operations. These steps are low cost and help reduce the chance that recycled data from this leak becomes a vector for theft.

  • Update passwords and avoid reuse across exchanges, wallets and social accounts.
  • Switch 2FA to an authenticator app or hardware key where available, and avoid relying solely on SMS.
  • Ignore or verify urgent‑looking reset emails by signing in directly to the service rather than clicking links.
  • Keep an eye on email and phone activity tied to important accounts and act quickly on suspicious signs.

FAQs About the Instagram Data Leak

Was this a new Instagram hack?

No. The records stem from a misconfigured Instagram API in late 2024 that allowed large‑scale scraping, and the same dataset was reposted on the dark web in January 2026.

What information was exposed?

The reposted dataset includes usernames, emails, phone numbers, physical addresses and account metadata. That mix of data makes targeted phishing and identity abuse more feasible for attackers.

Why are users receiving legitimate password reset emails?

Attackers are triggering Instagram’s legitimate password reset mechanism to make scams look authentic. Because the reset messages come from Instagram’s domain, recipients can be tricked into following links unless they verify the request through their account directly.

What should affected users do right now?

Change your password to a strong, unique one, enable two‑factor authentication, and monitor your accounts and phone/email for suspicious activity. If you see unexpected resets or messages, do not click links in the messages—sign in to Instagram directly to check and secure your account.
