Impact & Downstream Threats
This breach carries high risk due to the nature of exposed data fields and the scale of affected records.
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
Breach Intelligence
Executive Summary
In 2024 a dataset of roughly 17 million Instagram records surfaced after what appeared to be an exposed third party data broker, built largely from automated scraping rather than a confirmed compromise of Meta’s systems. It contained a broad range of personal data – usernames, emails, phone numbers, profile links and in some cases passwords – making it highly useful for fraud and phishing. The material first circulated on BreachForums in 2024 and was rapidly copied, segmented, and folded into other underground collections.,
, The versions now circulating in 2026 closely resemble that earlier release, even as some media and alerting services such as Have I Been Pwned have referred to them as new, adding to the uncertainty. Many analysts believe the bulk of the data is likely older and being redistributed in modified form, a familiar pattern in breach markets where rebranding can be mistaken for novelty.,
About Instagram
Social media platform for photo, video, and messaging features.
Data Points Exposed
Dark Web Verification
Status: Confirmed
- Dataset containing approximately 4.2M records identified in breach intelligence sources.
- The data is indexed and searchable across breach notification platforms.
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Non-clients may request a breach impact review.
Frequently Asked Questions
In January 2024, Instagram experienced a data breach that exposed approximately 4.2M records containing personal information.
The exposed data includes fields such as email address, phone number.
Approximately 4.2M records were affected based on current breach intelligence.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Instagram
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam