Instagram data of 17.5 million users resurfaces after 2024 incident

Malwarebytes reported that data linked to about 17.5 million Instagram accounts reappeared on a hacking forum in January 2026 and said the set traces back to a 2024 misconfigured Instagram API; Meta had not commented as of January 11, 2026.

Security researchers reported that a dataset tied to roughly 17.5 million Instagram accounts resurfaced on a hacking forum in early January 2026. Malwarebytes attributed the posting to a user known as "Solonik" and said the material stems from a 2024 misconfigured Instagram API. At the time of the report, Meta had not issued a public comment. The return of the dataset has drawn renewed attention to data exposed in the earlier incident. Key details: - The dataset covers about 17.5 million Instagram accounts. - Malwarebytes reported the files originate from a 2024 API misconfiguration that allowed large-scale scraping. - The material reappeared on a hacking forum in early January 2026 and was posted by a user identified as "Solonik." - Meta had not commented publicly as of January 11, 2026, and security firms reported a rise in scam attempts linked to the resurfaced data. Summary: The reappearance revives concerns about previously exposed personal data and reported increases in scam activity. Undetermined at this time.