Alleged Instagram User Data Appears to Be Compiled from Older Breaches, Expert Suggests
17 million-record data dump may not be new, says Malwarebytes researcher
Following claims that data belonging to approximately 17 million Instagram users is being sold online, cybersecurity experts have begun analysing the dataset’s authenticity.
Shahak Shalev, global head of scam and AI research at Malwarebytes, stated that early analysis suggests the database may not stem from a new breach. Instead, it appears to be a compilation of data from older, previously reported Instagram-related leaks.
“There are some indications that the Instagram data dump includes data from other, older, alleged Instagram breaches,” Shalev explained.
He also noted that reports of unsolicited password reset emails began appearing days before the data was advertised publicly, raising the possibility that the data may have circulated in closed groups before surfacing more widely.
However, Shalev cautioned that another scenario remains possible: a bad actor may have exploited a separate vulnerability to trigger mass password reset requests, while the data sale represents an unrelated event.
For now, there is no confirmed technical link between the password reset emails and the data sale.