Large social media platform hit by another personal data breach. A seller named Solonik posted a data package on the dark web forum BreachForums containing information on 17.5 million Instagram users, including phone numbers, emails, and even precise address coordinates down to their homes. Security team Malwarebytes has confirmed the authenticity of the data — while the package doesn't contain passwords, this information is enough for bad actors to build a "targeted hunting list."
What happens next? If you've been receiving frequent "Instagram password reset" notifications recently, don't rush to blame it on a system glitch. This could very well be hackers probing. They typically first use your email to trigger the official forgot password process — on one hand confirming the account actually exists, and on the other hand planting anxiety in your mind. When you're bombarded to the point of confusion, an email that looks like official customer service follows — with an enticing link inside, and clicking it means you're hooked.
This tactic has already caught people in social circles. Phishing emails typically request you to reverify your identity, update payment information, or "confirm account security" — essentially collecting more personal data or directly stealing login credentials. This risk becomes especially amplified for those who've linked this email to exchanges or wallets. Hackers could then leverage this to infiltrate your crypto asset accounts.
A few self-protection tips: when password reset notifications arrive, stay calm and log in directly to the official app rather than clicking links in emails; spread out your email and phone number usage across different accounts so one breach doesn't compromise everything; always enable two-factor authentication on exchange and wallet accounts; regularly check your account login history and the list of associated devices. Large-scale data breaches like this happen frequently, so being extra vigilant never hurts.
Lol, here we go again...17.5 million IG accounts blown up, I'm telling you why the reset notifications have been so frequent lately
I've had 2FA enabled for ages, but these hackers are absolutely crazy, the phishing emails are packaged way too convincingly
I've already separated the email for the exchange, at least this round wasn't a total waste of learning
Large social media platform hit by another personal data breach. A seller named Solonik posted a data package on the dark web forum BreachForums containing information on 17.5 million Instagram users, including phone numbers, emails, and even precise address coordinates down to their homes. Security team Malwarebytes has confirmed the authenticity of the data — while the package doesn't contain passwords, this information is enough for bad actors to build a "targeted hunting list."
What happens next? If you've been receiving frequent "Instagram password reset" notifications recently, don't rush to blame it on a system glitch. This could very well be hackers probing. They typically first use your email to trigger the official forgot password process — on one hand confirming the account actually exists, and on the other hand planting anxiety in your mind. When you're bombarded to the point of confusion, an email that looks like official customer service follows — with an enticing link inside, and clicking it means you're hooked.
This tactic has already caught people in social circles. Phishing emails typically request you to reverify your identity, update payment information, or "confirm account security" — essentially collecting more personal data or directly stealing login credentials. This risk becomes especially amplified for those who've linked this email to exchanges or wallets. Hackers could then leverage this to infiltrate your crypto asset accounts.
A few self-protection tips: when password reset notifications arrive, stay calm and log in directly to the official app rather than clicking links in emails; spread out your email and phone number usage across different accounts so one breach doesn't compromise everything; always enable two-factor authentication on exchange and wallet accounts; regularly check your account login history and the list of associated devices. Large-scale data breaches like this happen frequently, so being extra vigilant never hurts.