Jan 12, 2026
3 min read
It is even suspected that the circulating information is being marketed as a "doxxing card", which is often used for terrorist purposes or to destroy the victims.
The document being published is also suspected of being marketed as a "doxxing kit" or doxing tool, which is often used for serious incidents or to intimidate victims.
ECO PRIHANANTO PIG
CALIFORNIA, SUNDAY - The information of about 17.5 million Instagram users is said to have been downloaded and is being disseminated in computer forensics.The attack is considered more dangerous than ever because it links the data of Instagram users with the data of the platform, including e-commerce products, to its address.
Suspicions have grown stronger with an increase in password reset requests from around 1 million users in multiple countries since January 9, 2026.As of Sunday (November 1, 2026), Instagram parent company Meta has not issued an official comment on the alleged data breach.
The problem was highlighted by the report of cyber security writer Davey Winder in Forbes, Saturday (10/1/2026) local time.Winder reported an increase in e-mails containing password resets received by users in a short period of time.
He also received dozens of password reset emails in just 48 hours.He started receiving letters on the morning of January 9, 2026.The email from Instagram looks credible and official, not the result of a fake sender.
However,A password reset email alerted him immediately."This is a criminal tactic to convince network administrators to change their passwords," he said.
In 2025, the US Federal Bureau of Investigation (FBI) warned organizations about this type of password reset technique, Winder said.
He linked the email to the alleged leak of 17.5 million Instagram accounts, which was posted on the BreachForums hacking forum a few days ago.However, until the password reset email exists, there is no solid evidence for this claim.
According to Winder, the database, which it claims contains 17.5 million accounts, was made public hours before the wave of password reset emails began to be widely reported.
"It is now highly likely that the surge in password recovery attacks is related to the news of the data breach of 17.5 million Instagram accounts by the BreachForums actor," he wrote.
British media, The Sun, citing cyber security researcher Malwarebytes, reported that the data was first discovered circulating in dark forums, uploaded by criminals with the alias "Solonik".The database is titled "INSTAGRAM.COM 17M GLOBAL USERS - 2024 API LEAK" and is said to be available in JSON and TXT formats.
Cybersecurity expert Pierluigi Paganini, writing in Cybersecurity Media Security Matters, reported that nearly one million users received password reset notifications on January 10, 2026.
According to the report, the current database is even being sold as a doxing kit.
A doxxing kit is a collection of personal data used for doxxing, which is to reveal and link a person's online identity to their real identity in the real world.Typically, doxxing is used to terrorize, intimidate, or blackmail the doxxing victim.
The data in this leak was allegedly collected through scraping practices, such as automatically extracting data from the public interfaces of multiple platforms. However, because it is marketed as a doxing tool, the Instagram data leak incident is considered to be different from previous social media scraping practices.
The difference is that the data does not contain only the username or email address as usual.Therefore, Instagram user data is also shown to be linked to real-world identities, including physical addresses.This increases the risk of terrorism, lies and real threats to the world.
The data isn't just lying around.Part of the database, which contains 17.5 million records, is reportedly being sold on the illegal market.
Paganini warned in the report that linking an online identity to a physical address could create serious crime risks, including stalking, extortion, identity theft and potential real-world security threats.
It is believed that some of the data was auctioned on the black market.The form comes in a package of data categorized by region and number of followers.This makes content creators, influencers and business accounts valuable targets.
Experts estimate that the incident has shifted from passive leakage to active exploitation.Cybersecurity site CyberSec Guru said, "Data isn't just sitting around, it's dormant. Parts of a database containing 17.5 million records are being auctioned on the illegal market, a report shows."
This data breach shows that Instagram's data collection restriction mechanisms cannot prevent large-scale data collection.
Paganini also said the data didn't come entirely from Instagram.Deletion of Instagram user identities and databases may include data from marketing lists, data brokers, marketplaces and other platforms such as e-commerce or old leaked records.
During this time, Instagram emphasized that resetting a password does not immediately mean that the recipient's email account has been hacked.Because such a request can be triggered by another user error by entering the wrong email or user.
But even if passwords can't be obtained directly, a leaked email and phone number combination is enough for targeted phishing (pretending to be a real website), impersonating Instagram support, and switching SIM cards.
Instagram states the importance of enabling two-factor authentication (2FA) as its primary security feature.This feature requires an additional code when trying to connect from an unrecognized device.
Instagram automatically enables 2FA for creative accounts.Instagram also requests that all users ensure that the feature is not unknowingly disabled.
As additional security measures, cybersecurity experts recommend that users change passwords only through the official Instagram app, check official Instagram email records to ensure authenticity of messages, and check and disallow unknown third-party apps.
As of Sunday (11/1/2026), Meta has not found any suspicious connection to the sudden password management attack.With over 2 billion active users, Instagram is one of the main targets of cybercriminals.Experts estimate that the massive data leak could facilitate further attacks on millions of accounts.
Francisco Romano Ninick, WLANGUAGE COORDINER:
