A threat actor has allegedly scraped 489 million lines of Instagram user data, including sensitive information, which is now reportedly being sold on the dark web.
DarkWebInformer’s official X account revealed the alarming incident, raising concerns over the scale and potential impact of the breach.
The compromised data includes many user details, such as usernames, email addresses, follower counts, following counts, and other personal information.
Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs
While Instagram or its parent company, Meta, have not officially confirmed this, the threat actor claims the data trove is being offered for sale, sparking fears of its potential misuse for phishing attacks, identity theft, or other malicious purposes.
According to the report, the data leak does not include passwords or direct messages, but cybercriminals could still leverage the exposed personal information for targeted attacks.
The staggering number of affected users raises concerns for individual privacy and businesses and influencers who rely heavily on Instagram for their online presence.
This incident follows a growing data scraping trend in which automated bots gather publicly available information from social media platforms on a massive scale.
While scraping does not involve direct hacking or breaching secure databases, it still poses significant security risks, especially when data is aggregated and sold for malicious use.
Experts advise Instagram users to remain vigilant, especially regarding phishing attempts that may arise from this leaked information.
Users are encouraged to enable two-factor authentication (2FA), review their privacy settings, and be cautious of unsolicited emails or messages.
As the situation unfolds, cybersecurity experts call for stricter measures to prevent similar incidents and protect user data on social media platforms.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver Fox,…
A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group has…
The LCRYX ransomware, a malicious VBScript-based threat, has re-emerged in February 2025 after its initial…
Recent cybersecurity investigations have uncovered a sophisticated technique employed by threat actors to evade detection…
A financial management app named Finance Simplified has been revealed as a malicious tool for…
A recent discovery by cybersecurity researchers has revealed that the Poseidon malware, a macOS-targeting trojan,…