Instagram: Data of 6.2 million users scraped
Data from 6.2 million Instagram users has landed in the Have I Been Pwned project. An additional 672,000 records come from BreachForums.
Malicious actors have scraped data from 6.2 million Instagram users through the service's programming interfaces (APIs) and offered it in an underground forum. The data has now been added to the database of the Have I Been Pwned project (HIBP), where it can be looked up. Around 672,000 data records of users of the underground forum BreachForums have also been added.
This is reported by operator Troy Hunt on the Have I Been Pwned website. According to him, a user offered a dataset with 17 million entries of publicly accessible Instagram information in an underground forum. The data was allegedly scraped via Instagram APIs and dates from 2024. It includes usernames, display names, account IDs, and, in some cases, geographical data. “Of these entries, 6.2 million contained an email address and some also a phone number,” Hunt writes. “There is no indication that passwords or other sensitive information were compromised.”
Such information can easily be misused for SIM swapping attacks, in which criminals hijack victims' mobile numbers and then use them to make purchases or carry out other criminal activities. This is a risk especially outside of Germany. In Germany, providers may be liable, which is why they take measures that keep SIM swapping from being a significant problem in this country.
The leak of the older data is, however, unrelated to the password reset requests that Instagram users are currently receiving. According to Instagram, these do not stem from a breach of the service's servers. Rather, third parties were able to request such password reset emails. Affected users should ignore these emails.
BreachForums user data also leaked
In addition, after the successful takeover by law enforcement in April of last year, BreachForums or its successors experienced a data leak in August 2025. Hunt writes on the HIBP website that 672,000 email addresses are included across all tables of the database, including forum posts and private messages. The user table alone contains 324,000 email addresses, usernames, and Argon2 password hashes.
Interested parties can check their email addresses on the HIBP website and see in which data leaks they have appeared. The Hasso Plattner Institute offers a comparable service with the Identity Leak Checker, which also collects information from various data leaks.
(dmk)