Reports emerged on January 10, 2026, of a significant Instagram data leak affecting approximately 17.5 million users, where personal information including usernames, email addresses, phone numbers, and in some cases, bios containing sensitive details like physical locations, was exposed. Cybersecurity experts clarify this wasn’t a traditional hack but likely resulted from data scraping via public APIs over recent months, with the leaked dataset being sold online by a user named “Subkek.” Affected users may notice increased spam, phishing attempts, or unsolicited password reset emails, prompting immediate action. To protect yourself, change your Instagram password, enable two-factor authentication (2FA), review and limit profile visibility, and monitor for unusual account activity. Avoid sharing sensitive info in bios or public posts. Instagram’s parent company, Meta, has not yet issued an official statement, but users should check haveibeenpwned.com to see if their data was compromised. This incident highlights ongoing privacy risks on social platforms, urging better data protection practices.
