A significant data breach has put the personal information of approximately 17.5 million Instagram users at risk, as revealed by cybersecurity firm Malwarebytes. The leaked data, which is reportedly being shared on hacker forums, includes sensitive details such as usernames, full names, email addresses, phone numbers, and partial physical addresses.
Malwarebytes discovered the breach during their monitoring of the dark web, highlighting the potential for hackers to exploit this information for various malicious activities. These can include impersonation scams, phishing attacks, and unauthorized account takeovers, with attackers particularly likely to misuse Instagram’s password reset feature.
While Meta, the parent company of Instagram, has yet to confirm this breach, users are urged to take immediate action to secure their accounts. If anyone suspects their Instagram account may be compromised, they should follow several steps for protection.
First, users should check for any security emails from Instagram. An email from security@mail.instagram.com indicating changes to one’s account, such as a password update, may provide an option to secure the account if action is taken quickly.
If access to the account has been lost, the next step involves requesting a login link. Users can initiate this by clicking on “Forgotten password?” on the login screen, entering their username, email, or phone number, completing the captcha, and following the instructions in the login link sent via email or SMS.
For those who can’t regain access through the login link, requesting help can lead to additional recovery options. Users should provide a secure email address for Instagram support to follow up on.
For account verification, the necessary steps can depend on the type of account. Users with no profile photos may verify their identity through their linked email or phone number, while those with profile photos might be required to submit a video selfie to confirm their identity. Instagram insists that this video will solely be used for verification purposes and will not be posted or stored longer than required.
In addition, users who still have access to their accounts are encouraged to immediately change their passwords and enable additional security measures such as two-factor authentication to bolster account protection.
As users take these precautions, it emphasizes the importance of vigilance regarding personal information online, particularly as cyber threats become increasingly sophisticated. Though the incident is alarming, the proactive measures outlined can help mitigate risks and safeguard personal data effectively.