Instagram Users' Data Leak: A shocking report has surfaced regarding the social media platform Instagram.

Instagram User Data Leak: A shocking report has surfaced regarding the social media platform Instagram. It claims that the personal information of over 17.5 million Instagram users has been compromised by cybercriminals and is available for sale on the dark web. This potential data leak has raised serious questions about the privacy of users worldwide.

How did the data leak come to light?

This alleged security breach was first reported by cybersecurity company Malwarebytes on January 9th. According to the company, the issue may be linked to an Instagram API exposure that occurred in 2024. Malwarebytes stated that it discovered this data set during a routine dark web scan, which has now fallen into the wrong hands and could be used for cybercrime.

What information was leaked?

According to the report, the leaked data includes sensitive information such as usernames, mobile numbers, email IDs, and physical addresses. Malwarebytes says that many users have recently received repeated emails from Instagram requesting password resets, and this data leak may be the reason.

The risk of cyber attacks may increase.

Cyber ​​experts warn that such information leaks could increase the risk of phishing attacks, account hacking, and identity theft. Hackers could attempt to use the same login details on different platforms, a practice known as credential stuffing. This could compromise not only Instagram but also other online accounts as well.

Meta's silence has caused concern among users.

No official statement has yet been issued by Instagram's parent company, Meta, regarding this matter. However, media outlets have contacted the company and have stated that they will update their report upon receiving a response.

Why more impact on India?

According to statistics, India is Instagram's largest market, with over 480 million users as of October 2025. Facebook and WhatsApp also have over 500 million users in the country. Therefore, if the data leak is confirmed, Indian users could be most affected.

What does the data protection law say?

Under the Digital Personal Data Protection (DPDP) Act, 2023, which is in effect in India, information such as mobile numbers and email addresses is considered “personal data.” According to the law, any unauthorized use, sharing, or leakage of personal data constitutes a data breach. However, many of its key provisions are not yet fully implemented.

New rules, but time in complete safety

In November 2025, the Ministry of Electronics and IT notified the DPDP Rules, paving the way for a data protection law in India. Currently, only a few provisions are in place, while rules such as notifying users of data breaches and consent-based data use will take time to fully implement.

How can users stay safe?

Cybersecurity experts say users should immediately check their Instagram account settings. You can check the devices your account is logged into by visiting Meta's Accounts Center. It's also crucial to enable two-factor authentication. Malwarebytes also recommends activating 2FA if you haven't already, to provide additional security.