U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A massive breach exposed data of 17.5M Instagram users

A massive breach exposed data of 17.5M Instagram users, triggering mass password reset emails and fears that stolen data is already circulating online. A major data breach has exposed the personal data of about 17.5 million Instagram users, Malwarebytes Labs researchers warn. Exposed data includes usernames, physical addresses, phone numbers, and email addresses,. Since January […]

instagram

A massive breach exposed data of 17.5M Instagram users, triggering mass password reset emails and fears that stolen data is already circulating online.

A major data breach has exposed the personal data of about 17.5 million Instagram users, Malwarebytes Labs researchers warn. Exposed data includes usernames, physical addresses, phone numbers, and email addresses,.

Since January 10, 2026, a million users have received password reset emails, sparking confusion and fears of a global cyberattack. Security experts warn this is a serious privacy breach with real-world risks, and affected data may already be circulating on the dark web.

The researchers found a sensitive database for sale on a cybercrime forum, described as a “doxxing kit” affecting nearly 18 million Instagram users. Unlike past data scrapes, this leak includes physical home addresses linked to Instagram user IDs.

The stolen data likely didn’t come from Instagram profiles alone, attackers may have combined Instagram user IDs with data from external databases, such as marketing lists, data brokers, e-commerce platforms, or leaked customer records, to match usernames with real names and home addresses.

By linking online identities to physical addresses, the threat goes beyond spam or account takeovers. It enables stalking, swatting, extortion, and identity theft, turning a digital privacy breach into a potential real-world safety risk.

“The data is not just sitting idle. Reports indicate that portions of the 17.5 million record database are being auctioned on illicit marketplaces.” reported the website The Cybersec Guru. “The data is reportedly being sold in “batches” sorted by region and follower count, making influencers and high-profile business accounts primary targets.”

Instagram users should act now and assume possible exposure. Researchers recommend avoiding clicking password reset emails, resetting your password only via the app, and verify emails using Instagram’s official email log to spot phishing. Enable app-based two-factor authentication, preferring avoid SMS 2FA. Finally, review and remove unknown or unused third-party app permissions, which may have contributed to the breach.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data leak)