Instagram’s “17 Million User Data Leak” Was Just Scraped Records from 2022

This week has been a chaotic one, especially for Instagram users, after Malwarebytes announced on the 9th of January that it had tracked a data breach involving the Meta-owned platform. According to the company, hackers had leaked data from 17.5 million Instagram accounts online. The leaked information included usernames, email addresses, phone numbers, and physical addresses.

In Malwarebytes’ own words on X (formerly Twitter), “Cybercriminals stole the sensitive information of 17.5 million Instagram accounts, including usernames, physical addresses, phone numbers, email addresses, and more.“

Malwarebytes on X

The tweet implied that the incident was a recent data breach. That claim is inaccurate. Hackread.com’s investigation confirms that while the data is real and not fabricated, cybercriminals did not steal it, at least not recently.

For your information, Malwarebytes was referring to a BreachForums post published on January 7, 2026, by a user going by the alias Solonik, titled “INSTAGRAM.COM 17M GLOBAL USERS – 2024 API LEAK.”

The post claimed the data was from a 2024 breach and included usernames, emails, phone numbers, user IDs, and partial locations. In reality, Hackread.com’s investigation confirmed it was a repackaged scrape originally collected in 2022.

The same data was first leaked on BreachForums in June 2023 by a user known as “vanz,” and also surfaced on another forum, LeakBase, around the same time. Labeling it as a 2024 leak was a deliberate move to rebrand stale data as new, a tactic often used to inflate credibility and generate attention.

2022 leak in 2023 and then posted in 2026 – Solonik’s post was marked as a repost after being criticized by users (Image credit: Hackread.com)

****Matching the Numbers****

The so-called “latest” Instagram data leak contains 17,017,213 user records. That number exactly matches the data leaked by “vanz” in June 2023 and by “Solonik” in January 2026. Not only is the count identical, but even a quick look at the sample data confirms it’s a direct copy. The format, fields, and entries all match the earlier leak.

Hackread.com cross-checked all 17,017,213 records and can confirm that the “new” leak is nothing more than a re-post of the same data from 2022, repackaged as new.

Matching the numbers and records from the leaked dataset (Image credit: Hackread.com)

****Password Reset Emails and Instagram’s Straight Yet Vague Response****

After reports of the leak resurfaced, some users began receiving password reset emails from Instagram. Initially, there was speculation that these were phishing attempts since the data did not include passwords.

The emails came from Instagram’s official domain and were verified, complete with blue checkmarks, leading many to believe that Instagram had indeed been breached and attackers had accessed real user data.

However, earlier today, on January 11, 2025, Instagram addressed the claims on X. The company denied any breach but acknowledged that an issue had allowed an external party to trigger password reset emails to some users.

“We fixed an issue that let an external party request password reset emails for some people. There was no breach of our systems, and your Instagram accounts are secure. You can ignore those emails. Sorry for any confusion,” Instagram tweeted.

Instagram on X

That raises a bigger question: Who was this external party, and how were they able to send legitimate password reset emails? Was someone, or some automated system, exploiting Instagram’s password reset feature using the same usernames from the scraped dataset?

While it remains unclear who was behind the activity, users did receive password reset emails they never requested, which added to the confusion and helped spread breach claims.

****The Tabloidisation of Cybersecurity News****

A growing issue in cybersecurity reporting is the rise of publications that operate more like tabloids than credible sources. These outlets rush to break stories for clicks, often relying on unverified claims from social media or Telegram channels without performing even basic checks on the data.

As the latest Instagram incident shows, no effort was made to confirm the origin, age, or legitimacy of the information before running dramatic headlines about “breaches.” In doing so, they spread panic, confuse readers, undermine actual security research, and damage public understanding of real cybersecurity threats.

****Advice for Instagram Users: Phishing and Smishing Risks Remain****

Nevertheless, even though the leaked data is old, the information it contains is real. That’s all scammers need to launch targeted phishing and smishing campaigns. Instagram users listed in the data should be on alert for suspicious emails pretending to be from Instagram, Meta, or other trusted services.

These messages may try to trick users into entering their passwords, clicking on malicious links, or downloading attachments. The same goes for SMS messages that include links or urgent security warnings. If you receive a password reset email or message you didn’t request, do not click anything. Go directly to the app or site and verify from there. Recycled data still gets used, and often causes damage years after it first leaks.