Instagram’s 2024 data leak just made an unwanted comeback tour
Unsplash
A massive treasure trove of Instagram user data has just bubbled back up to the surface, and it’s putting millions of accounts back in the crosshairs more than a year after the original leak was thought to be dead and buried.
Roughly 17.5 million accounts are caught up in this latest wave after the data started making the rounds on a notorious hacking forum in early January 2026. According to a security alert from Malwarebytes, a hacker going by the handle “Solonik” is the one behind the leak. While this might feel like a brand-new security breach, experts say the data actually stems from a 2024 misstep – a misconfigured Instagram API that allowed bad actors to scrape massive amounts of profile info before Meta could plug the hole.
Unsplash
Back when this first happened, attackers were able to quietly harvest data for months. Eventually, the database vanished from the dark web, but its sudden return proves a frustrating reality of the digital age: once your info is out there, it’s out there for good.
The resurfaced “doxxing kit” is particularly nasty because it’s so detailed
It doesn’t just have usernames; it includes full names, email addresses, phone numbers, and even physical home addresses. This is a goldmine for cybercriminals because it allows them to move past generic spam and launch incredibly convincing, targeted attacks. Malwarebytes is already seeing a spike in scammers pretending to be Instagram support to lure people into handing over their login details.
Unsplash
The most clever part of this attack, however, is the password reset scam. Instead of sending a fake, sketchy-looking email, hackers are actually triggering real password reset requests from Instagram’s own servers. You get a legitimate email from a “meta.com” or “instagram.com” address, you panic thinking someone is in your account, and in that moment of confusion, you’re much more likely to fall for a follow-up phishing text or call.
As of January 11, 2026, Meta has stayed quiet on the matter
While the most visible impact has been in Europe so far, the risk is global – especially for anyone who uses the same password for Instagram as they do for their bank or email.
The advice from security pros is simple but non-negotiable: change your password now, make sure it’s unique, and for heaven’s sake, turn on two-factor authentication (preferably using an app rather than SMS). This latest leak is a blunt reminder that even if a company fixes a bug, the data stolen through it can come back to haunt you at any time.
Moinak Pal is has been working in the technology sector covering both consumer centric tech and automotive technology for the…
This Chrome extension makes it easier to trust your X feed
No more tapping into profiles just to see where someone’s “based in.”
What’s happened? X has recently added a “Based in” field that allows you to view the location of someone’s profile. Following that, RhysSullivan, an independent developer, has created a Chrome extension that takes those profile tags and shows them as tiny national flags directly in the feed, so there’s no need to open a profile to see an account’s country. The extension does this by calling X’s own API endpoints from the browser context while you’re logged in.
The extension identifies usernames on a feed page, then calls X’s GraphQL AboutAccountQuery to request the account_based_in field.
Read more
Check this new social app which lets you spoil your favourite TV shows and books
Do you want a safe place to spoil that episode? Phictly lets you and your friends pick the pace
What Happened: Remember how the internet used to feel?
That vibe of finding a tiny corner where people were just as obsessed with a show as you were?
Read more
Lawsuit claims Meta stopped research showing users felt better after leaving Facebook
Court filing alleges Meta hid findings that Facebook breaks improved user well-being
What Happened: Meta is back in the hot seat, and this time it’s over allegations that it buried its own research about Facebook’s impact on mental health.
A new, unredacted legal filing just hit the public eye, and it claims that back in 2019, Meta launched an internal study called Project Mercury.
Read more
