Instagram Users Data Leak: A shocking report has come out regarding the social media platform Instagram. It has been claimed that the personal information of more than 1.75 crore Instagram users has fallen into the hands of cyber criminals and this data is available for sale on the dark web. This possible data leak has raised serious questions about the privacy of users around the world.
How did the data leak come to light?
Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more. pic.twitter.com/LXvjjQ5VXL
— Malwarebytes (@Malwarebytes) January 9, 2026
Information about this alleged security lapse was first given by cyber security company Malwarebytes on January 9. According to the company, this matter may be related to the exposure related to Instagram API that happened in the year 2024. Malwarebytes said it discovered this data set during a routine dark web scan, which has now fallen into the wrong hands and could be used for cybercrime.
What information was leaked?
According to the report, the leaked data includes sensitive information like username, mobile number, email ID, physical address. Malwarebytes says that in recent times, many users have received repeated emails related to password reset from Instagram and this could be the reason for this data leak.
Risk of cyber attacks may increase
Cyber experts have warned that leaking of such information can increase threats like phishing attacks, account hack and identity theft. Hackers may try to use the same login details on different platforms, which is called credential stuffing. Due to this, not only Instagram, but other online accounts can also be at risk.
Meta’s silence, concern among users
No official statement has yet been issued by Instagram’s parent company Meta on this entire matter. However, media organizations have contacted the company and the report has been said to be updated upon receiving the response.
Why more impact on India?
According to statistics, India is the largest market of Instagram, where there were more than 48 crore users by October 2025. Apart from this, Facebook and WhatsApp also have more than 50 crore users in the country. In such a situation, if the data leak is confirmed, it may impact Indian users the most.
What does the data protection law say?
Under the Digital Personal Data Protection (DPDP) Act, 2023 implemented in India, information like mobile number and email is considered as “personal data”. According to the law, using, sharing or leaking personal data in any way without permission comes under the category of data breach. However, many of its important provisions have not yet been fully implemented.
New rules, but time in complete safety
In November 2025, the Ministry of Electronics and IT notified the DPDP rules, paving the way for a data protection law in India. At present, only a few provisions are in force, while it will take time for rules like informing users about data breach and using data with consent to be fully implemented.
How can users themselves stay safe?
Cyber security experts say that users should check the settings of their Instagram account immediately. You can see which devices your account is logged into by going to Meta’s Accounts Center. Apart from this, it is very important to turn on two-factor authentication. Malwarebytes has also advised that if you have not yet activated 2FA, then activate it immediately, so that the account can get additional security.
Also read:
America left behind! India becomes the fastest AI adopting country in the world, report reveals
