ShellCodeX Breach Report
Instagram Data Breach
instagram.com
Verified breach
Accounts exposed
6,215,150
Breach date
07 Jan 2026
Added to tracker
11 Jan 2026
Data classes
5
What happened
In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.
Exposed data
Display names
Email addresses
Geographic locations
Phone numbers
Usernames
Recommended actions
- Watch for targeted phishing emails referencing Instagram — attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP