Instagram Data Breach

06/01/2026 · 6,215,150 records · moderate risk

0 /100

Gravity Score

Moderate

Calculated based on the types of data exposed (5 categories) and the volume of affected records (6,215,150).

Not every incident involves stolen passwords. In this Instagram related event, a large collection of profile information was gathered and shared after being obtained through automated access to platform features, often referred to as data scraping.

The dataset was posted on a well known hacking forum and was described as coming from an Instagram API. While much of the content appears to be based on public profile details, the problem is that it was aggregated at scale, making it far easier to search, filter, and misuse.

The exposed fields included usernames and display names, and some entries also contained geolocation information. For a portion of accounts, an email address was present, and some records reportedly included a phone number as well.

The figures discussed included millions of rows overall, with about 6.2 million entries containing an associated email address. There is no sign that passwords were accessed, but the presence of email addresses, phone numbers, and location data can still increase the chance of targeted scams and unwanted contact.

Exposed data

Display names Email addresses Geographic locations Phone numbers Usernames

What to do based on this breach

Review Instagram privacy settings for email, phone number, and location visibility, and limit what is shown on your profile

Be cautious with phishing emails, texts, or DMs that mention your handle, display name, or city, and avoid unknown links

If a phone number is tied to your account, use call and SMS filtering, block unknown senders, and review apps that can access your number

Check whether your username or email appears in breach lookup services and keep a record in case you choose to exercise GDPR rights

What can we learn from this breach?

This incident highlights how mass collection of mostly public data can still become a ready made toolkit for scammers. Reducing exposed contact details like email and phone numbers, and avoiding unnecessary location sharing, lowers the risk of targeted outreach. For platforms, stronger controls against abusive automation and tighter API monitoring help prevent large scale extraction.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

WIRED

07/09/2025 2,364,431 records moderate risk

4 data types in common

SoundCloud

14/12/2025 29,815,722 records low risk

3 data types in common

← All breaches