Overview
- Malwarebytes flagged a dataset tied to 17.5 million profiles posted by a user known as “Solonnik” on BreachForums, with copies now circulating on dark‑web markets.
- Leaked records reportedly include usernames, email addresses, phone numbers and partial physical addresses, raising risks that extend beyond spam to doxxing or stalking.
- Users report receiving convincing password‑reset messages that appear legitimate; security guidance urges ignoring unexpected links and verifying sender details from @mail.instagram.com.
- Experts recommend resetting credentials only through the Instagram app or website, checking the platform’s recent‑emails log, and enabling app‑based two‑factor authentication.
- Some sellers are offering batches sorted by region and follower count, increasing exposure for influencers and high‑profile accounts while researchers continue to validate scope.