A major data breach has exposed sensitive information from around 17.5 million Instagram accounts. This leak includes usernames, email addresses, phone numbers, and physical addresses. The stolen data is actively being traded on dark web marketplaces, which raises significant concerns about identity theft and phishing attacks targeting affected users. Cybersecurity firm Malwarebytes confirmed the breach and noted that the data appears to have been scraped from public APIs and other sources in late 2024. Several users have reported receiving unexpected password reset emails, indicating that cybercriminals are trying to exploit the leaked information to hijack accounts. Instagram has stated that no breach of their systems occurred, attributing the password reset emails to a technical issue that allowed external parties to trigger these requests. They advised users to ignore these emails and take protective measures, such as enabling two-factor authentication and changing passwords. The seller of the data, identified as “Subkek,” claims the information was gathered recently and includes sample records. Cybersecurity experts are investigating how the data was obtained, whether through Instagram vulnerabilities or third-party services. The situation highlights ongoing vulnerabilities in user account security and the need for vigilance among Instagram users.