17.5 million user data was stolen. The first effects of the data offered for sale on the dark web are already becoming apparent. Users are reporting strange activity related to their Instagram accounts.
Suddenly, an Instagram password reset notification pops up in your email inbox. This wasn’t even asked. This leaves many users perplexed. The reason for this is likely to be a data leak with more than 17 million accounts affected.
During a routine investigation on the dark web, experts from the antivirus company Malwarebytes discovered sensitive data from Instagram users that was being offered for sale. More than 17.5 million user data sets are said to be found there and contain the user name, email address, telephone number and even the physical address.
Even though the vulnerability was said to have been exploited via an API interface as early as 2024, the first strange activities are now being detected. There are said to have been unusual movements in the accounts themselves. But what users report most are seemingly random password reset requests. This is a clear indication that unauthorized persons are trying to gain access to the account.
In contrast to well-known phishing attacks, these are not fakes in which users are tricked into clicking on prepared links.
The information is already on the dark web. There are several steps you can take to protect your Instagram account from unknown attackers. This is how two-factor authentication should be activated. It should also be changed at the same time – especially if the password is also used on other platforms.
Meta’s Accounts Center can also be used to check which devices are currently logged into the accounts. This not only helps in identification but also in removing these unknown devices from the list.
Instagram parent Meta has since confirmed on
>>> Report from Malwarebytes
