Instagram Data Breach
What Happened
In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.
Compromised Data
Recommended Actions
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1PasswordBreach Overview
-
Affected Accounts:
6.2 million
-
Breach Occurred:
January 2026
-
Added to HIBP:
11 Jan 2026
Recommended Actions
Change Your Password
If you haven’t already changed the password affected by this breach, do so immediately on every account where it was used.
Enable Two-Factor Authentication
Wherever 2FA is supported, add an extra layer of security to your account.
Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.
Try 1Password