Domain: instagram.com
What happened
Instagram API Data Scrape was reported in January 2026 after a dataset allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, and account IDs, with some records also containing geolocation data. Of these, approximately 6.2M records included an associated email address and a smaller subset also contained phone numbers, with the activity appearing unrelated to Instagram password reset mechanisms despite the similar timeframe.
Breach facts
- Records exposed
- 6,237,543
- Sensitive
- No
- Industry
- Entertainment
- Data exposed
- Email addressesUsernamesNamesGeographic locationsPhone numbers
This page summarises publicly reported breach metadata for awareness. For account recovery or incident response, use the official guidance from the affected service.
Breach data provided by XposedOrNot.