verified2026-01-07

InstagramInstagram breach

instagram.com · 6,215,150 records compromised

Records
6.22M
Breach date
2026-01-07
Domain
instagram.com
Data classes
5

Description

In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum . The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform , despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.

Compromised data classes· 5

Display namesEmail addressesGeographic locationsPhone numbersUsernames

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Breach
Twitter
Breach
Twitter (200M)
Breach
Facebook Marketplace
Breach
Adpost
Breach
Substack
Breach
Facebook
Sourced from Have I Been Pwned. Aggregate metadata only — no PII. Curated by Adam Lundqvist, Founder at SQUR.