In a recent data breach, a threat actor group posted over 489 million Instagram user profiles for sale on the dark web. The data, scraped through the Instagram API over the last three months, includes both public and hidden details—raising serious concerns about user privacy.
What Was Leaked?
On November 10, the group shared this extensive data set, which contains:
• Username
• Full name
• First name
• Biography
• External URL
• Account category
• Follower and following counts
• Location
• Creation date
• User ID and scrape ID
Over 100 samples were listed by the threat actor to back up their claim
While no passwords or private messages were leaked, the exposed information provides ample material for targeted attacks.
Privacy Concerns
With access to usernames, emails, and other personal details, cybercriminals could use this data for phishing, account takeovers, and even business email compromise. This incident highlights the vulnerability of publicly available information that can still be leveraged for malicious purposes.
How to Stay Protected
Instagram users can take these steps to mitigate the risks:
• Enable Two-Factor Authentication: This adds an extra layer of security to prevent unauthorized access.
• Review Privacy Settings: Limit who can see your posts and profile details.
• Be Cautious of Phishing Attacks: Watch out for suspicious emails or messages asking for personal information.
Taking these precautions can help users stay safer in a digital landscape where personal information is increasingly at risk.
.png)
.png)