ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Instagram Data Breach

instagram.com
Significant exposure
Verified breach
Accounts exposed 6,215,150
Breach date 07 Jan 2026
Added to tracker 11 Jan 2026
Data classes 5

What happened

In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.

Exposed data

Display names Email addresses Geographic locations Phone numbers Usernames

Recommended actions

  • Watch for targeted phishing emails referencing Instagram — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP